Setup.exe

Black Chip LTD

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from get.goldencherry.com and multiple other hosts.
Publisher:
Black Chip LTD  (signed and verified)

MD5:
009320463eef523f7d439620c7993e87

SHA-1:
90af5dd564a108c3325083fda4a0523bc42710d0

SHA-256:
e464b79ca9e98d9c8f79a395ab70d2ddb7411ffbc2b7d90887e423e32402d717

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 1:48:51 PM UTC  (today)

Scan engine:
Avira AntiVirus

Detection:
GAME/Casino.Gen

Engine version:
7.11.211.222

File size:
1.3 MB (1,320,168 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/3/2013 7:00:00 PM

Valid to:
2/24/2016 6:59:59 PM

Subject:
CN=Black Chip LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Black Chip LTD, L=Nicosia, S=None, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E940EAFF0B2574BE0848C2925CFCDCA

File PE Metadata
Compilation timestamp:
6/6/2009 5:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Gm5RqzLCkdpXjw8bPr1u3spKpjCfOC8q/PtcJFGbXWAgO8uZg1npq1bus:HqLfdljwozIsamfCq/lZST1p+b

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9933

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following 11 URLs.

http://get.goldencherry.com/get/.../1165895?tracker=

http://goldencherry-ads.com/gc.aspx?d=download

http://get.goldencherry.com/get/.../1161659
