setup.exe

The application setup.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from kyle.mxp2391.com and multiple other hosts.
MD5: e2ac1e3d46440a9fed9fc58dd7abc7e5
SHA-1: dd8deab6b6db366fab67fcc88d76230e05a4259b
SHA-256: 295a73a9941703c5c7344e8766749cc0b3bb33ebeb8e1a76b8d25725ca7f8723
Scanner detections: 9 / 68
Status: Potentially unwanted
Analysis date: 11/25/2024 12:32:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | AdWare.W32.Agent | 2.1.4+ |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.10.23 |
| avast! | Win32:SoftPulse-AH [PUP] | 141023-1 |
| Dr.Web | Trojan.MulDrop5.40191 | 9.0.1.05190 |
| F-Prot | W32/A-872da207 | v6.4.7.1.166 |
| G Data | Win32.Application.Softpulse | 14.10.24 |
| Kaspersky | not-a-virus:Downloader.Win32.LMN | 15.0.0.494 |
| Norman | SoftPulse.H | 11.20141023 |
| VIPRE Antivirus | Threat.4783235 | 33706 |

File size: 1.3 MB (1,381,022 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp: 9/19/2014 9:40:09 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 24576:eOiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9:vi1DWLFP53UGe76x0ZUphdt
Entry address: 0x6BFA
Entry point: 1D, 0F, B6, 42, 1D, 2B, F8, 74, 16, 33, C9, 85, FF, 0F, 9F, C1, 8D, 0C, 4D, FF, FF, FF, FF, 85, C9, 0F, 85, 7D, 04, 00, 00, 0F, B6, 7E, 1E, 0F, B6, 42, 1E, 2B, F8, 74, 16, 33, C9, 85, FF, 0F, 9F, C1, 8D, 0C, 4D, FF, FF, FF, FF, 85, C9, 0F, 85, 5B, 04, 00, 00, 0F, B6, 4E, 1F, 0F, B6, 42, 1F, 2B, C8, 74, 12, 33, C0, 85, C9, 0F, 9F, C0, 8D, 0C, 45, FF, FF, FF, FF, EB, 02, 33, C9, 85, C9, 0F, 85, 35, 04, 00, 00, 6A, 20, 59, 2B, D9, 03, F1, 03, D1, 3B, D9, 0F, 83, 5F, FB, FF, FF, 03, F3, 03, D3, 83, FB, 1F, 0F...
 

Code size: 78 KB (79,872 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.
