setup.exe

Armadillo Incorporated

The application setup.exe by Armadillo has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from intva16.caseblogging.info.
Publisher:
Armadillo Incorporated  (signed and verified)

Product:
Armadillo Incorporated

Version:
68.9.8.8070

MD5:
b37bf541ecc02ec379cd12cf39ddff88

SHA-1:
cee61827d562d87bd5a85f1a154addb7607ba779

SHA-256:
82d89b70b3f9a5f37a3fca02737042ca1e44922d095e91516c4658090a63c347

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/27/2024 12:31:53 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Vittalia.8677
9.0.1.05190

ESET NOD32
Win32/DownloadAdmin.Q potentially unwanted application
7.0.302.0

F-Secure
Variant.Graftor.274815
5.15.21

VIPRE Antivirus
Threat.4150696
47848

File size:
893.3 KB (914,728 bytes)

Product version:
68.9.8.8070

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 2:17:38 PM

Valid to:
3/8/2017 2:17:38 PM

Subject:
CN=Armadillo Incorporated, O=Armadillo Incorporated, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
30F1E885B799F0DA

File PE Metadata
Compilation timestamp:
3/19/2015 3:21:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:pL5SRugbxXPT060rCGNuS5nP5/eEH9PGVsos:55SksqCGNuMPtduOo

Entry address:
0x4F96

Entry point:
E8, 95, 94, 00, 00, E9, BF, 8C, 00, 00, FF, 25, A0, E6, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, A8, DE, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, B0, E5, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, A0, DE, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, AC, DE, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F0, E5, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 74, E5, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 55, 56, 8B, 74, 24...
 
[+]

Entropy:
7.9643  (probably packed)

Code size:
57 KB (58,368 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security