setup.exe

Allmyapps

The application setup.exe by Allmyapps has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 13.67.1732.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Allmyapps  (signed and verified)

MD5:
4f5fed235d6558f437476479d7e37ea1

SHA-1:
b2d5d4e0481ea7d2426b6e326e5ba83d217489d0

SHA-256:
cadada39ff2c5fb11f8dcd6bab202b072f1d8e76f7a30d8a5fb086b5ceb6c402

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/15/2024 3:42:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.Allmyapps.F

Engine version:
14.12.16.8

File size:
448.9 KB (459,672 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
12/6/2010 1:00:00 AM

Valid to:
12/6/2013 12:59:59 AM

Subject:
CN=Allmyapps, O=Allmyapps, STREET=22 23 quai du président carnot, L=Saint Cloud, S=Ile de France, PostalCode=92210, C=FR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009D380BB9DF58B350F1D85FDF834E5CBE

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Kq64RKCi/0ymV2X2+oq8peh2/DIvJ+t2s8DQgjZw:Jw0ym8G+oq8pO8Dm+ULQl

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-52-84-105-200.del51.r.cloudfront.net  (52.84.105.200:443)

TCP (HTTP SSL):
Connects to server-54-182-4-112.hkg51.r.cloudfront.net  (54.182.4.112:443)

TCP (HTTP SSL):
Connects to server-54-182-2-162.hkg51.r.cloudfront.net  (54.182.2.162:443)

TCP (HTTP SSL):
Connects to server-54-192-217-43.mrs50.r.cloudfront.net  (54.192.217.43:443)

TCP (HTTP SSL):
Connects to server-52-84-105-221.del51.r.cloudfront.net  (52.84.105.221:443)

TCP (HTTP):
Connects to geetos.info  (174.37.174.83:80)

TCP (HTTP):
Connects to 13.67.1732.ip4.static.sl-reverse.com  (50.23.103.19:80)

TCP (HTTP SSL):
Connects to server-54-230-190-99.maa3.r.cloudfront.net  (54.230.190.99:443)

TCP (HTTP SSL):
Connects to server-52-85-69-173.lhr5.r.cloudfront.net  (52.85.69.173:443)

TCP (HTTP SSL):
Connects to server-54-230-202-55.fra50.r.cloudfront.net  (54.230.202.55:443)

TCP (HTTP SSL):
Connects to server-54-230-202-23.fra50.r.cloudfront.net  (54.230.202.23:443)

TCP (HTTP SSL):
Connects to server-54-230-197-161.lhr50.r.cloudfront.net  (54.230.197.161:443)

TCP (HTTP SSL):
Connects to server-54-192-12-50.ams1.r.cloudfront.net  (54.192.12.50:443)

TCP (HTTP):
Connects to ec2-54-243-35-169.compute-1.amazonaws.com  (54.243.35.169:80)

TCP (HTTP):
Connects to 173.255.138.99.static.westdc.net  (173.255.138.99:80)

TCP (HTTP SSL):
Connects to server-54-192-217-40.mrs50.r.cloudfront.net  (54.192.217.40:443)

TCP (HTTP SSL):
Connects to server-52-84-105-241.del51.r.cloudfront.net  (52.84.105.241:443)

TCP (HTTP SSL):
Connects to ec2-23-23-163-81.compute-1.amazonaws.com  (23.23.163.81:443)

Remove setup.exe - Powered by Reason Core Security