Setup.exe

PerformerSoft Digital Software Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from www.bestapp300.us and multiple other hosts.

Publisher:
PerformerSoft Digital Software Inc.  (signed and verified)

MD5:
1bf5b58a6d5940286aaee8ad9bbf389b

SHA-1:
d817de45817d21ccb287c2130425406cec3e48fe

SHA-256:
824da30b38a47edea9fb0d46a91cf645e65e42d29aa2975c980dc8464626989c

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/25/2024 7:14:48 PM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
Suspicious_GEN.F47V0127

Engine version:
7.2.40

File size:
132.1 KB (135,224 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2014 10:37:52 AM

Valid to:
12/17/2016 10:37:52 AM

Subject:
CN=PerformerSoft Digital Software Inc., O=PerformerSoft Digital Software Inc., L=Portland, S=Oregon, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B65A44F092A5E

File PE Metadata
Compilation timestamp:
7/6/2011 10:31:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:iszWOITsEL50jl7yYkQdZwbRfcjGslHecpfwFGlF9F1w:ZzZZpkQSXslHecoGl/FK

Entry address:
0x3415

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00...
Entropy:
7.3612

Packer / compiler:
Nullsoft install system v2.x

Code size:
26 KB (26,624 bytes)

The file Setup.exe has been seen being distributed by the following 3 URLs.

http://www.bestapp300.us/.../index.php?cid=3765&cid=3763