home

setup.exe

Microsoft Setup Bootstrapper

Microsoft Corporation

This is installed with multiple programs including Microsoft Visio 2010 and Microsoft Office Professional 2010. The file has been seen being downloaded from www.dropbox.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Setup Bootstrapper

Version:
14.0.4755.1000

MD5:
4d92f518527353c0db88a70fddcfd390

SHA-1:
c4baffc19e7d1f0e0ebf73bab86a491c1d152f98

SHA-256:
97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/24/2024 1:37:38 PM UTC  (today)

File size:
1 MB (1,100,664 bytes)

Product version:
14.0.4755.1000

Copyright:
© 2010 Microsoft Corporation. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
12/7/2009 2:40:29 PM

Valid to:
3/7/2011 2:40:29 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6101CF3E00000000000F

File PE Metadata
Compilation timestamp:
3/10/2010 11:40:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:JeGuphfCWQIbDUhUOvF7CehnLQie+I7XHgZQKhJgeCmyDLFSLfmLU7k/:JeGefCnE7Oduehsi0LHgZpJEdDZSx7k/

Entry address:
0x55AB0

Entry point:
E8, FF, 3D, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, B4, 3E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 5C, 03, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 37, 15, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 11, 0B, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, 65, 3E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD...
 
[+]

Entropy:
6.5650

Code size:
505 KB (517,120 bytes)

The file setup.exe has been discovered within the following programs.

Microsoft Office Professional 2010  by Microsoft Corporation
Publisher's description - “Organize projects, manage finances and build a better way to do business with tools from Microsoft Office Professional 2010. Exchange ideas with customers and business partners remotely with Web Apps--it's another way you can stay connected to your business wherever you are.”
office.microsoft.com/en-us/professional
3% remove it
Microsoft Visio 2010  by Microsoft Corporation
8% remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following 50 URLs.

https://www.dropbox.com/pri/get/.../setup.exe

http://origin-ics.clickpotato.tv/NCIC/20120226094853494E434647493032_53833f32-cd48-459a-802c-4de03494381f/.../Setup.exe

https://doc-0k-0o-docs.googleusercontent.com/docs/securesc/t0rrhhjdrpbdosppouu8tkqfcsntagu1/joln5vq69oi6kdd23rusrjrdqhq9q9h0/1479204000000/07667243526600248812/.../0Bzrriov_mz6JakNqUjk2dG5nWmM?e=download

https://drive.google.com/uc?id=0BxOEbOM8EJjaUDFTZmdId0Mta1E&export=download

http://www.supertuneup.com/downloadip_allcs_dcom.asp?utm_source=dcomnew_sec_728&utm_campaign=dcomnew_sec_728

chrome-extension://bigefpfhnfcobdlfbedofhhaibnlghod/persistent/.../CRFFnaLC

https://doc-0k-ac-docs.googleusercontent.com/docs/securesc/ab157sl16jbksf7fbuclg7mf9hp7vdgt/4f9hjks6r04c3vfgjufu3ghfqlc7uvim/1469944800000/.../00804288520022091571/0B5QG4bvbSpMMY2ppay1TR3ZSQUk?e=download

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-pPloOCCIIB6ZlaZvl-8AYsk7d5oim6tjVLnvVcvgjeD-2ZtlT9A_pt3lDMkvO-73/messages/@.id==AEoNiWIAAFHIV7VgiQW08CQ-mzM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=4f465c23-67a2-bbef-01de-8700bf010000&token=DF1aDGQ6uUlQKcgEDKT2ZqGQjmd4yUGAJBLlUQVcIprYd-sqvOht95JYDAXJOY31pXSQPIt7834jXjyRXCwNNg&error=https://mg.mail.yahoo.com/.../iframemsg?id=48505ca8-4338-776b-414c-30c4d3f324b2

ftp://190.85.119.252/.../setup.exe

https://www.dropbox.com/sh/i9t4mx9myd6lsmj/AAA2UD3OJfZvaxtii_nZHp2ca/.../setup.exe

http://192.168.1.14:5000/.../setup.exe

https://www.dropbox.com/pri/get/office/.../setup.exe

temp:1_264786614994075960.exe

https://doc-0k-0k-docs.googleusercontent.com/docs/securesc/17avnrm6qt67281bc2tr3084gdgq5prj/ltknajhnbknob9qh7ihvsqp05eep1dh4/1435435200000/.../09259448192592279842/0B8vzKJ7PGUPYUTFMdGt1cG1CWkE?e=download

https://mega.nz/persistent/.../nEsxTI7Q

https://0a50oa.dm2302.livefilestore.com/.../setup.exe

http://tecdigital.tec.ac.cr/dotlrn/classes/EM/EM3504/S-2-2015.CA.EM3504.1/file-storage/.../Setup.exe

https://8rz4pq-dm2306.files.1drv.com/.../setup.exe

http://dl.free.fr/gMEfo5GXx

https://doc-0s-1o-docs.googleusercontent.com/docs/securesc/7sn1plnfsubtsqg8h541vs2ld22f3dts/p6ctmti7svi3evffhpkmtif6h1u3r49k/1462903200000/.../02589645606784623046/0B_X8o8v7jPdjMVVMQ3hJaU02X1U?e=download

http://nfs.atypon.com/public/CDs/MS-Office/.../setup.exe

https://www.dropbox.com/sh/z64nbzwqak8yvxa/AAD4ipasCsqYOd_sQdfcqSK6a/.../setup.exe

https://www.dropbox.com/pri/get/.../setup.exe

https://cdn.discordapp.com/attachments/245265999157395456/.../setup.exe

https://mega.nz/temporary/.../zMRmRIDC

https://onedrive.live.com/download.aspx?cid=8C0A39AE34BF3D0B&resid=8C0A39AE34BF3D0B!8236&canary=VAkwBgfUx2iDlEuVkaGMIiaNdLgS 1CreXDzZlq11vs=9&ithint=.exe

http://www.onlinevideopctools.com/.../setup.exe

https://doc-0g-1k-docs.googleusercontent.com/docs/securesc/ihcjtqugg7pq41hq1bfu8nc4lnnv46gv/glua56di5rt6uhdta9ts5eek84c21vsq/1478167200000/02425740352339555915/.../0B9sYeSUBiX1ra2pmSmFnaUVEazg?e=download

https://dl.dropboxusercontent.com/content_link/.../file?dl=1

https://dl.dropboxusercontent.com/content_link/.../file?dl=1

Latest 30 of 89 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.