Setup.exe

Setup

Elex do Brasil Participações Ltda

The file Setup.exe by Elex do Brasil Participações Ltda has been detected as a potentially unwanted program by 10 anti-malware scanners. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from dl2.yac.mx and multiple other hosts.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
Setup

Version:
1.0.164.24043

MD5:
7f40053648657541cfa8edb5f8a0e07d

SHA-1:
99ebe9fed845004771c46e0faf92587da0c2e97d

SHA-256:
13295069f9e37bfcb23bdcdc9aa005d21bb4cb1fc51aa746470b9540d90cdcc0

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:42:00 PM UTC  (today)

Scan engine              Detection                                        Engine version
AhnLab V3 Security       PUP/Win32.Generic                                2015.04.11
Dr.Web                   Adware.Mutabaha.174                              9.0.1.0102
ESET NOD32               Win32/ELEX.CC potentially unwanted (variant)     9.11457
Fortinet FortiGate       Riskware/Elex                                    4/12/2015
Malwarebytes             PUP.Optional.ELEX                                v2015.04.12.02
McAfee                   Artemis!7F4005364865                             5600.6798
Panda Antivirus          PUP/YAC                                          15.04.12.02
Reason Heuristics        PUP.Optional.Installer.ELEX                      15.4.11.22
Trend Micro House Call   Suspicious_GEN.F47V0330                          7.2.102
VIPRE Antivirus          Trojan.Win32.Generic                             39230

File size:
798.9 KB (818,024 bytes)

Product version:
1.0.164.24043

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
Setup.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/22/2014 7:00:00 PM

Valid to:
6/20/2015 6:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
3/30/2015 2:39:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:FjCqVVPdGTpF0PLwSdsDQJD+p9QLutCaskUH4W9b98ad7FTcQZ3BNlcOL8t:dnVSTsTXdJJ69kSPsX9bSavcQZeOL8t

Entry address:
0x93B8

Entry point:
E8, 41, 40, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 90, 60, 41, 00, 6A, 01, A3, AC, EE, 41, 00, E8, 2C, 45, 00, 00, FF, 75, 08, E8, C1, 44, 00, 00, 83, 3D, AC, EE, 41, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 12, 45, 00, 00, 59, 68, 09, 04, 00, C0, E8, 8F, 44, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 11, 70, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 90, EC, 41, 00, 89, 0D, 8C, EC, 41, 00, 89, 15, 88, EC, 41, 00, 89, 1D, 84, EC, 41, 00, 89, 35, 80, EC, 41, 00, 89, 3D, 7C...

Entropy:
7.5167

Code size:
83.5 KB (85,504 bytes)

The file Setup.exe has been seen being distributed by the following 7 URLs.

http://dl2.yac.mx/download/.../yet_another_cleaner_marc.exe
