setup.exe

Installer

The application setup.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The file has been seen being downloaded from fugdownload106.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.0.0.1

MD5:
7be236669cdd2aea6ce1a13776f72f11

SHA-1:
89747b75cbfb0b9fae8153f193e9522932259d22

SHA-256:
5226d130d03aa2431a7be851aa6da0c022addb1c0d87668f3859a05649ada7e2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 7:56:23 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Dropper-gen [Drp] | 160414-2 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.12004 | 16.07.01 |
| ESET NOD32 | Win32/AdGazelle.J potentially unwanted application | 8.0.319.0 |
| Norman | Gen:Variant.Razy.12004 | 19.05.2016 01:04:49 |

File size:
268 KB (274,432 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
4/30/2015 12:16:20 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:9krm2h+iwLXvHrBXfOiFUvnp62tFl6SEMR+8AtnAg0Fu0Ag0FuLkxMA6c5Pg:9N2kiwDvL34n82l6PMRQdAO0AO12m

Entry address:
0xF9D3

Entry point:
E8, 90, AC, 00, 00, E9, 8B, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, C8, B2, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, 98, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, C8, B2, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...
 
Entropy:
6.1836

Code size:
160 KB (163,840 bytes)

The file setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
