home

setup.exe

Setup Factory Runtime

BitTorrent Inc

The program is a setup application that uses the Setup Factory installer. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Publisher:
BitTorrent Inc  (signed and verified)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.05

MD5:
0f14c3fd773fcee22e505dce28b9ff38

SHA-1:
ae193b37ff33335e05c9930835f666b74ddf9339

SHA-256:
f569abf0e4ae7279cf22b3289ed8b8ae083a6b1c1a5e0b5178fcbea61bf72ab7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 12:04:43 PM UTC  (today)

File size:
1.3 MB (1,391,104 bytes)

Product version:
9.05

Copyright:
Setup Engine Copyright © 2004-2015 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Signed by:
BitTorrent Inc

Authority:
Symantec Corporation

Valid from:
1/22/2016 1:00:00 AM

Valid to:
9/4/2016 1:59:59 AM

Subject:
CN=BitTorrent Inc, O=BitTorrent Inc, L=San Francisco, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59123D60D39E60127D6B456A62C9DEAC

File PE Metadata
Compilation timestamp:
5/13/2016 7:25:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:pCYXEefY04kU0fCBNg4pHtuMyJhvBqdOTg7rT9ZhD66LQXUvfRGQPz:p6r04kUNgiN4Md7/9ZQxAfLL

Entry address:
0x11F4

Entry point:
68, 9C, 32, 54, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 3C, 23, 99, 5F, 78, 0D, 43, 4D, 87, F4, 9F, 55, 79, 0D, E1, 82, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 31, 44, 32, 2D, 41, 39, 76, 62, 34, 70, 72, 6F, 6A, 65, 63, 74, 56, 62, 00, 41, 31, 7D, 00, 00, 00, 00, FF, CC, 31, 00, 03, AE, 12, EC, A2, 78, 1D, D4, 41, 9F, 00, 33, D0, 36, AB, C0, 09, 7D, F3, 22, A2, FC, 86, 31, 48, 83, 0C, CA, F3, A9, 32, A1, 2F, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.3 MB (1,343,488 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

https://docs.google.com/uc?id=0B571c2Yx3IpbczBmd1lGTDdYTXc&export=download

https://doc-0g-0c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7iok1g6uuk1h6drt7tg4qrorhi3sr32u/1463313600000/14962028862853667482/.../0B571c2Yx3IpbczBmd1lGTDdYTXc?e=download

Scan setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.