home

setup.exe

The executable setup.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from www.pcflvdownload.com.
MD5:
38f47adb3564e07a77a29ed6a9548040

SHA-1:
bd0fc21e06bad212e49aed6712c08d2f7ece345f

SHA-256:
5c354faec6fd81c2c76ed72ff110f70ef6130d23ef3481a24722886dc3ea23ad

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/7/2024 3:40:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.25.9

File size:
1.1 MB (1,118,168 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/4/2014 7:33:24 AM

OS version:
5.1

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:npzaucfNArAjuzOc2X/7aMGutOMIymshUVgrWvfxkE6J:npzjnMju39Mx8vyfhUVgRBJ

Entry address:
0xCA76

Entry point:
B8, 0C, 63, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 6E, 61, 78, 63, 76, 77, 64, 74, 6B, 38, 00, 55, 3D, 9B, 51, AE, ED, 8D, 66, A6, 29, 68, D2, 24, B6, 83, 84, 86, B1, D8, 4C, 4F, 9C, E9, 3F, FF, 55, 2F, DE, 78, E2, 45, 97, 7C, 2A, D8, B2, 55, ED, A9, F9, BB, 63, 2E, FA, 6D, 9E, FF, 4A, 28, E4, 6C, 4C, 62, 56, 72, 25, 6E, 99, 8F, 83, 8A, B5, D5, B8, F2, 04, C8, 15, F9, D9, BF, 59, 1E, A4, A5, DC, 1C, 84, 52, C9, DB, 2C, AE, AB, D3, 43, DE, 4F, 70, 5E, 98, 22, 48...
 
[+]

Entropy:
7.9866  (probably packed)

Code size:
144.5 KB (147,968 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://www.pcflvdownload.com/down/flash/.../down.php?sid=1100&dv1=ad1098-us&kw1=ad1098-us-qyc&uuid=f3e4b741-2a46-4078-590e-f401348e8bf7&dv3=f3e4b741-2a46-4078-590e-f401348e8bf7

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.