setup.exe

The application setup.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from ttb.obvj0w71hq.com.
MD5:
375f5838086f1ba570ef0b25f97da971

SHA-1:
b103dc1238601144662027185ca84d48eaec020a

SHA-256:
4e1f325c819089e79cd904708ff95c3ab2f0dac750212418816cfe9995d20c85

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 12:13:37 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SoftPulse-AY [PUP] | 160414-2
Dr.Web | Trojan.DownLoader11.36367 | 9.0.1.05190
Reason Heuristics | PUP.Softpulse.Bundler.AT (M) | 16.6.15.22

File size:
227.5 KB (232,986 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
10/15/2014 12:33:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:VZ3a7QPmpfWlMUs+zyLrQRM+Va1495Y076GHH1/+GqNiMKatgZ9C5ZJ:VZe1bLrQ2SypGnp+GqgetO9Mj

Entry address:
0x7F26

Entry point:
E8, 14, 43, 00, 00, E9, 7F, FE, FF, FF, E9, 46, 25, 00, 00, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 34, 48, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, EE, 2C, 00, 00, 59, 85, C0, 74, E6, C9, C3, 6A, 01, 8D, 45, FC, 50, 8D, 4D, F0, C7, 45, FC, 24, A5, 48, 00, E8, 74, 2F, 00, 00, 68, 3C, 06, 49, 00, 8D, 45, F0, 50, C7, 45, F0, 1C, A5, 48, 00, E8, A8, 25, 00, 00, CC, 55, 8B, EC, 53, 8B, 5D, 10, 8B, C3, 56, 83, E8, 00, 0F, 84, DC, 16, 00, 00, 48, 0F, 84, C4, 16, 00, 00, 48, 0F, 84, 8E, 16, 00, 00, 48...

Code size:
81 KB (82,944 bytes)

The file setup.exe has been seen being distributed by the following URL.
