home

Setup.exe

Setup Factory 8.0 Runtime

Encore Software

The program is a setup application that uses the Setup Factory installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from 85.25.41.237 and multiple other hosts.
Publisher:
Encore Software  (signed and verified)

Product:
Setup Factory 8.0 Runtime

Description:
Setup Application

Version:
8.2.2.0

MD5:
b19c548aaded548498e97bbef5cd14ab

SHA-1:
c9e77153fd65a4d9bb9772cce0d49172d7602221

SHA-256:
6e050e5fd210b6fe113a9566fba332d12a9e7bc0e81bddfb2c78ddbd73e81a92

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 12:48:33 AM UTC  (today)

File size:
0 Bytes

Product version:
8.2.2.0

Copyright:
Setup Engine Copyright © 2004-2010 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf80_launch.exe

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Encore Software

Authority:
VeriSign, Inc.

Valid from:
3/30/2014 7:00:00 PM

Valid to:
4/30/2015 6:59:59 PM

Subject:
CN=Encore Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Encore Software, L=Eden Prairie, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58CC3CA4D6132EC8463FF484BFC9931A

File PE Metadata
Compilation timestamp:
6/22/2010 8:31:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
50331648:ewzAk3LRY99s/W2JBzS30pk4fJlEkCPuQI/jSk+I0yeC:ewfLUi/WClSZ4fJOkC2QzIvx

Entry address:
0x3079

Entry point:
E8, FB, 2E, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 
[+]

Code size:
32 KB (32,768 bytes)

The file Setup.exe has been seen being distributed by the following 5 URLs.

http://85.25.41.237/.../TurboFloorPlan3DPro2015.exe

http://doublecad.s3.amazonaws.com/TurboFloorPlan3DPro2015.exe

http://files.downloadnow.com/s/software/13/93/93/.../TurboFloorPlan3DPro2015.exe

http://software-files-a.cnet.com/s/software/13/93/93/.../TurboFloorPlan3DPro2015.exe

http://downloads.imsidesign.com/.../TurboFloorPlan3DPro2015.exe

Scan Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.