setup.exe

The application setup.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from flv.orangesofts.com.
MD5:
2e62b1c89a46cf78520767fb5c27c00d

SHA-1:
b084c65d3d255a5815d53153f4850a451beae05f

SHA-256:
4006085c595986b872b3ad0c50e9cd98c3c7e9fd5439f2b2065924a1aea43d53

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:06:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Zusy.117871 | 774 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Win-PUP/SoftPulse | 2014.11.29 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| avast! | Win32:SoftPulse-BE [PUP] | 141214-1 |
| AVG | Found Win32/DH{gRIxfX5QgQd5VE8VUYEVgQkcU4ETQYEP} | 2015.0.3252 |
| Bitdefender | Gen:Variant.Graftor.165890 | 1.0.20.1780 |
| Clam AntiVirus | Win.Adware.MultiPlug-31138 | 0.98/19817 |
| Comodo Security | Application.Win32.SoftPulse.D | 20283 |
| Dr.Web | Adware.SoftPules.3 | 9.0.1.0356 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Zusy.117871 | 8.14.12.22.11 |
| ESET NOD32 | Win32/SoftPulse.P potentially unwanted application | 8.7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.BWOY!tr | 12/22/2014 |
| F-Prot | W32/A-3f31f6a7 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Zusy.117871 | 11.2014-22-12_2 |
| G Data | Win32.Application.SoftPulse | 14.12.24 |
| IKARUS anti.virus | not-a-virus:AdWare.SoftPulse | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14239 |
| Kaspersky | Trojan.Win32.Buzus | 14.0.0.2755 |
| Malwarebytes | PUP.Optional.SmartSec | v2014.12.22.11 |
| McAfee | Program.SoftPulse | 5600.6908 |
| MicroWorld eScan | Gen:Variant.Graftor.165890 | 15.0.0.1068 |
| NANO AntiVirus | Trojan.Win32.DriverUpd.djmoky | 0.28.6.63726 |
| Norman | Gen:Variant.Adware.Zusy.117871 | 11.20141222 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.22.11 |
| Qihoo 360 Security | Malware.QVM18.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.22.23 |
| Sophos | SoftPulse | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10161 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.5064683 | 35418 |
| Zillya! Antivirus | Adware.Agent.Win32.25201 | 2.0.0.2006 |

File size:
1.3 MB (1,348,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/5/2014 1:45:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:jK6fxaOhc2dC3Rfzy41rWibAiCEydknBds0a0m1lK8g:m6JpC3RLy41aibAiCE1Ps0a1LKj

Entry address:
0x17C13B

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 

Entropy:
7.9042

Packer / compiler:
ASPack v1.08.04

Code size:
144.5 KB (147,968 bytes)

The file setup.exe has been seen being distributed by the following URL.
