home

setup.exe

Операционная система Microsoft Windows

Smart Distribyushn, TOV

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application setup.exe, “Исполняемый файл для игры "Червы"” by Smart Distribyushn, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Microsoft Corporation  (signed by Smart Distribyushn, TOV)

Product:
Операционная система Microsoft® Windows®

Description:
Исполняемый файл для игры "Червы"

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
141a77d9cd7174feeea71393b8148ecd

SHA-1:
991826ac33b7fef14c00ed76a4676a565176b28e

SHA-256:
800b06a34224bfc1229b9b48f005b183762a2de4aa87db268aec783b4b992986

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:54:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SmartDis.Installer (M)
16.7.9.13

File size:
3.4 MB (3,569,688 bytes)

Product version:
6.1.7600.16385

Copyright:
© Корпорация Майкрософт. Все права защищены.

Original file name:
hearts.exe.mui

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Smart Distribyushn, TOV

Authority:
COMODO CA Limited

Valid from:
5/11/2016 4:00:00 AM

Valid to:
5/12/2017 3:59:59 AM

Subject:
CN="Smart Distribyushn, TOV", OU=IT, O="Smart Distribyushn, TOV", STREET="vul. IVANA KUDRI, 37-A", L=Kiev, S=Kiev, PostalCode=01042, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BDB767F216F527E41E098F4F5324B4A4

File PE Metadata
Compilation timestamp:
10/30/2012 10:56:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:v3VTJ0ZCrhR+5qQpgfimLamdzfrg/dWxvkreoVDyO65iBdW1lWkfyngF6UQ1tTot:dTJ0mhR+5qkgvacjK5MiSmkC1aFQFtJc

Entry address:
0x3ED26

Entry point:
E8, 69, 11, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, D5, 44, 00, E8, 04, 17, 00, 00, E8, 3A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, FC, 10, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BB, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
287.5 KB (294,400 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.