home

Setup.exe

MU Online

This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Publisher:
MU Online

Description:
MU Huyen Vu 1.1.02 Installation

Version:
1.1.02

MD5:
3df9672b252070668cf3b0ed5db7f58c

SHA-1:
9d4d873b877ee2e83e1119c0fefb7131f82c95ce

SHA-256:
c84ee3ada56a0028ba82264ddc5f04b7227b4c0245c3a83c02ca2c2b4df401ac

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 10:02:25 AM UTC  (today)

File size:
770.2 MB (807,561,714 bytes)

Copyright:
MU Online

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12582912:pbOLugJEISEQYZPnK3PlQyo0ncT83XGKgUUSyuY6EogWYz3B5tz93OClKn2Lsnn6:sTQEthKtQy5532KgUUDvWyPtYgKn76

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9997

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file Setup.exe has been seen being distributed by the following 2 URLs.

https://docs.google.com/uc?export=download&confirm=6ALu&id=0B3g_hZlPNMKQNlFTdzhydVpiTms

https://doc-14-58-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9rsthucbr0sbl77l6jgv0d0tehihk3q7/1457582400000/07261959334406448340/.../0B3g_hZlPNMKQNlFTdzhydVpiTms?e=download

Scan Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.