setup.exe

TapGamez 2013 LTD

The application setup.exe by TapGamez 2013 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from 3ydrx.ieffch.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Installer  (signed by TapGamez 2013 LTD)

Product:
Installer

Version:
1.51.0.0

MD5:
a3e0807ac9adb53b4ff36c4c0c702cd9

SHA-1:
c518219660f12494bac7356147908e487e6ee1fc

SHA-256:
7a728130367af12b6049500bbf1689de3442f71baa0f5fb24c4b3acc423204aa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/2/2024 1:40:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TapGamez.TapGamez2013.Installer (M)
16.2.23.11

File size:
965.6 KB (988,752 bytes)

Product version:
1.51.0.0

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 6:00:00 PM

Valid to:
12/16/2015 5:59:59 PM

Subject:
CN=TapGamez 2013 LTD, O=TapGamez 2013 LTD, STREET=1 habarzel st., L=tel aviv, S=israel, PostalCode=69710, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BD65286DA248840F6ECF8F4305066E9F

File PE Metadata
Compilation timestamp:
3/9/2015 6:05:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:jCBKnfjM62ObthzypxIecnLTSfrQoKV+1hb74:zLegCIecnLTSfwV+1hv4

Entry address:
0x625EF

Entry point:
E8, 92, 56, 00, 00, E9, 7F, FE, FF, FF, 51, C7, 01, 0C, 95, 48, 00, E8, 77, 5C, 00, 00, 59, C3, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, D6, 5B, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC, 56, 8B, F1, E8, C9, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D0, F5, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 5D, E9, 14, 00, 00, 00, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 5A, 61, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 5E, 5E, 00...
 
[+]

Entropy:
6.5814

Code size:
521 KB (533,504 bytes)

The file setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):

Remove setup.exe - Powered by Reason Core Security