setup.exe

The executable setup.exe has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been observed being downloaded from www.pcflvdownload.com.

MD5:
8a6d0c24fd2d24c2091b86584a693c39

SHA-1:
b861b1701e887189eb5d3e0e204bba594cfaffbf

SHA-256:
20f4f4c30a3cccac623698b983e98b2cc71e52b0c5ef8bbfe4c3be1ebfa3a799

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/7/2024 3:41:08 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.3.25.9

File size:
1.1 MB (1,115,104 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/2/2014 10:31:00 AM

OS version:
5.1

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:kek5eaBXlF8pV8NGpf3aG4GFbz57gdgwX+RvQJQLa4vMnhvzZy:kPlj8pI2/aGZbVgdglaQfvMZZy

Entry address:
0xCA76

Entry point:
B8, E0, 52, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 72, 65, 78, 63, 6E, 67, 72, 65, 77, 34, 00, 8A, 91, 88, 95, EB, E5, F7, 2B, 5A, 3B, 01, 70, D0, AE, 9E, 2C, 74, F3, 12, 35, AC, 58, D3, 1F, 36, D9, 13, 6E, 53, 32, 16, FC, C1, EB, 25, D0, 34, 29, 8E, 0A, 1B, F5, A2, 68, 72, 8E, B9, 49, 7F, 42, 27, DF, 2F, 5D, F4, 66, 46, F2, D7, 3F, 16, 76, 6D, F8, D7, 3C, 74, 66, 4F, 6F, 28, D1, 3B, DA, B8, C0, 34, CB, 95, C2, 11, 57, 81, BA, EA, 9D, 47, 50, 69, 75, 2D, 34, 10...
Entropy:
7.9872  (probably packed)

Code size:
144.5 KB (147,968 bytes)

The file setup.exe has been seen being distributed by the following URL.