setup.exe

Armadillo Incorporated

The application setup.exe by Armadillo has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from intva16.caseblogging.info.
Publisher:
Armadillo Incorporated  (signed and verified)

Product:
Armadillo Incorporated

Version:
68.9.8.8070

MD5:
b37bf541ecc02ec379cd12cf39ddff88

SHA-1:
cee61827d562d87bd5a85f1a154addb7607ba779

SHA-256:
82d89b70b3f9a5f37a3fca02737042ca1e44922d095e91516c4658090a63c347

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/24/2024 6:17:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.Vittalia.8677 | 9.0.1.05190 |
| ESET NOD32 | Win32/DownloadAdmin.Q potentially unwanted application | 7.0.302.0 |
| F-Secure | Variant.Graftor.274815 | 5.15.21 |
| VIPRE Antivirus | Threat.4150696 | 47848 |

File size:
893.3 KB (914,728 bytes)

Product version:
68.9.8.8070

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 2:17:38 PM

Valid to:
3/8/2017 2:17:38 PM

Subject:
CN=Armadillo Incorporated, O=Armadillo Incorporated, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
30F1E885B799F0DA

File PE Metadata
Compilation timestamp:
3/19/2015 3:21:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:pL5SRugbxXPT060rCGNuS5nP5/eEH9PGVsos:55SksqCGNuMPtduOo

Entry address:
0x4F96

Entry point:
E8, 95, 94, 00, 00, E9, BF, 8C, 00, 00, FF, 25, A0, E6, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, A8, DE, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, B0, E5, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, A0, DE, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, AC, DE, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F0, E5, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 74, E5, 4A, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 55, 56, 8B, 74, 24...
 

Entropy:
7.9643  (probably packed)

Code size:
57 KB (58,368 bytes)

The file setup.exe has been seen being distributed by the following URL.
