setup.exe

DesktopDockSetup.exe

Desktop Dock

The application setup.exe by Desktop Dock has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from i.verrsin.net and multiple other hosts.
Publisher:
Desktop Dock  (signed and verified)

Product:
DesktopDockSetup.exe

Version:
1.0.0.13

MD5:
391954d046a69618d7c0dc28d43faa20

SHA-1:
a30a6f1150c6463088f38ab42a2268a458d386c5

SHA-256:
b425fa4482f613b048b9ad7f2008f459aa2bde4b5633778ab8a08e6dd1153338

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 11:10:54 AM UTC

Scan engine              Detection                      Engine version
K7 AntiVirus             Unwanted-Program               13.185.14021
Reason Heuristics        PUP.Installer.DesktopDock.F    14.11.16.1
Trend Micro House Call   Suspicious_GEN.F47V1029        7.2.320
VIPRE Antivirus          Rocketfuel Installer           34826

File size:
129.5 KB (132,584 bytes)

Product version:
1.0.0.13

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/8/2014 7:00:00 PM

Valid to:
5/8/2016 6:59:59 PM

Subject:
CN=Desktop Dock, O=Desktop Dock, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
72D187E754B89EF452FF82C8A9DE9B

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:MuxkZuTXJ+hBIjAAdW7VDI9Iq276TXgYXH81f:MSAhB+dWCICXgY3Yf

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
Entropy:
7.3097

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following 6 URLs.

http://i.verrsin.net/inst/software/84D018F4-FBB4-4B41-BAD1-BBB14605F052/.../Setup.exe
