» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

The application setup.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from ttb.obvj0w71hq.com.

File name:

setup.exe

MD5:

375f5838086f1ba570ef0b25f97da971

SHA-1:

b103dc1238601144662027185ca84d48eaec020a

SHA-256:

4e1f325c819089e79cd904708ff95c3ab2f0dac750212418816cfe9995d20c85

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/25/2024 12:13:37 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SoftPulse-AY [PUP]

160414-2

Dr.Web

Trojan.DownLoader11.36367

9.0.1.05190

Reason Heuristics

PUP.Softpulse.Bundler.AT (M)

16.6.15.22

File size:

227.5 KB (232,986 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp:

10/15/2014 12:33:57 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:VZ3a7QPmpfWlMUs+zyLrQRM+Va1495Y076GHH1/+GqNiMKatgZ9C5ZJ:VZe1bLrQ2SypGnp+GqgetO9Mj

Entry address:

0x7F26

Entry point:

E8, 14, 43, 00, 00, E9, 7F, FE, FF, FF, E9, 46, 25, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 34, 48, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, EE, 2C, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 24, A5, 48, 00, E8, 74, 2F, 00, 00, 68, 3C, 06, 49, 00, 8D, 45, F0, 50, C7, 45, F0, 1C, A5, 48, 00, E8, A8, 25, 00, 00, CC, 55, 8B, EC, 53, 8B, 5D, 10, 8B, C3, 56, 83, E8, 00, 0F, 84, DC, 16, 00, 00, 48, 0F, 84, C4, 16, 00, 00, 48, 0F, 84, 8E, 16, 00, 00, 48... 
[+]

Code size:

81 KB (82,944 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://ttb.obvj0w71hq.com/download/request/.../CJzxGx39?__tc=1413416544.714&lpsl=0969aff8f882b2829f697df8218e66d4&expire=1413502938&PubID=193068&tgu_src_lp_domain=www.dwlsoftultimate.com&ClickID=30382502531413416529&fileName=Setup

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.