» setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (35)

setup.exe

FRAPS

Beepa Pty Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Fraps. The file has been seen being downloaded from filehippo.com and multiple other hosts.

File name:

setup.exe

Publisher:

Beepa Pty Ltd (signed and verified)

Product:

FRAPS

Description:

Fraps Installer

Version:

3.4.7.13809

MD5:

f5be790a0a06ffae0887cce23918b5c2

SHA-1:

de448ee73b396c8d7d422fdc177e1da9012c5c75

SHA-256:

01bb784f9f9c561d2a899b33714a188ce982ade7c1a2a4afe17210c8f5d51d50

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/23/2024 1:33:25 AM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK/RDM!5.1

23.00.65.14318

File size:

2.2 MB (2,303,832 bytes)

Trademarks:

Fraps is a trademark of Beepa Pty Ltd

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\fraps\setup.exe

Digital Signature

Signed by:

Beepa Pty Ltd

Authority:

VeriSign, Inc.

Valid from:

7/15/2009 3:00:00 AM

Valid to:

8/30/2012 2:59:59 AM

Subject:

CN=Beepa Pty Ltd, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beepa Pty Ltd, L=Melbourne, S=Victoria, C=AU

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

61BA7137F92180F6BC4CA2F8DDB339C8

File PE Metadata

Compilation timestamp:

12/6/2009 1:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:7lwpmvPaK/jFapFmETAx3oXyz9LymVp3WW66KhJ9e7eUF0LHWLO2msyA:upQdjkbfy3oXyz9LpdHCFeSS0LHWLOg

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9978

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file setup.exe has been discovered within the following program.

Fraps by Beepa Pty Ltd

Publisher's description - “Fraps is a universal Windows application that can be used with games using DirectX or OpenGL graphic technology. Show how many Frames Per Second (FPS) you are getting in a corner of your screen. Perform custom benchmarks and measure the frame rate between any two points.”

8% remove it

The file setup.exe has been seen being distributed by the following 35 URLs.

http://filehippo.com/fr/download/file/.../

http://dla.uloz.to/Ps;Hs;fid=43689747;cid=639671704;rid=271341677;up=0;uip=213.192.19.30;tm=1487689546;ut=f;aff=ulozto.sk;did=ulozto-sk;He;ch=8394ff8836d3949491bab1855ae323aa;Pe/.../fraps-3-4-7-exe?bD&c=639671704&De

http://filehippo.com/download/file/.../

http://dl1.filehippo.com/.../setup.exe

https://dw.uptodown.com/dwn/tlGcxxe94MmJLVGGPTbeKdInCNzQT_DjOYUS6HO5oVBhBKgfKqWRUtfbT4gCwhN6rZLi67Y67PEeVlOzBYWyEzqF9IqJzuV1LqxuGEfRtfE6M4AWWI30ZKg2c_1aqVRx/NwyqdM-pcrzXo09STJEjkP80CsafMVk6Mhaj8-W1gJsnUs6x5uZXMW4o4Ec8tL-Lb2hQIbasmu0ZxJOFak-VWDltQPhiavoTAV9o5eF5HGa2W5hYr-Fd_ph_dLJ-w6PN/PLa_SwNrt-wJ51m27l-GkzavI87cxare5NdPB12EFFeRC4rFUhnPoWb6Wyn4XUu8jxOSeFEr2pgOwaKFrB99qLLxoWG1AvkD5h6NcTK9Gc9D1LRuME4li2uCxzifPmgn/.../

http://filehippo.com/download/file/.../

https://dw.uptodown.com/dwn/wZ-pVGqiX07U7nzoqyHTUY8nV7cQWfvAE3SFZ_3x3EqFU-8G5f53YJl0nddZRpB9if0a19RHgYjz3O0Tj1vbtL3ysGDUpAYTGn_BTif1p-Eaf5n3zbK_I-pnNXw4oJo9/bmynjk8vt22MJqMyenU7K91j6WO7lvufQbxUql2DRqw8Gw1Ud5ngIeQVkDckrX8d4I902798rFbhqBNTwB0GD9hIPkzuH-rf6y93mpOXN31ZbQtejgVnDITfslNDSxYj/BbUSGA8loguvB_H_1uyhJgF3ro_W0v7jv9OqPGTzxJZysjURPOkxpjL0574aK-IvASXmvjfjrMN35D4yoUgwW8b7m_mGrDSWa0icRvuSg0hIwmKT4yXPOr9r5L0696ZE/.../

https://dw.uptodown.com/dwn/QCQH5h8NMF_FHcHKZYs4FW_IYnMvmK8BLqBXDmKHg-jkNZidbHlPk2em3fJ-H4T79qeODW2zRckN0xBnCekYIyirpH34lK24Ft3otAP80nsTiMotXisk6RZl_GGOeM1i/NOZKl9KvOxjPRmcGl5iap7ZaXj3Rmso18r_zmHw8CQCz23Iz8TQalyhYReKC2Q2gUSFkVmrj3nosjQEEJPmLH6DMd4U7wQ7r05cGVkCXIXb2aepFnUJ_kuEFBCmFrjse/LvyhHaLUobjL0pYBM-JgO-w3ZsKvf9_nDgZn6ETWyaMAnFytgCdfN6x-Z6kRGOh8wfovgqrtgQ7lUeSLSUByXgkkKOHAWBThLlaxXV69bMZy3jNxSxE16ZHBsEvuHT9-/.../

https://mega.nz/temporary/.../iJkFFAjJ

https://dw.uptodown.com/dwn/At5NHtGuQaYar75IOzmo1TO-QkkOQvjbdiIv-fKwTdeV46gcHe9VPxujtDrjeBVS3CAZ7tiCP_umZ1gjXtdHXwwNwFKtJQBVVSg_Fq04dAS8kdUtVyyjy3XOvHJtbN79/RF8fKFjWPnd0uuCZo6g12esztwGzLWZKhLA9MKxUya8Kovu4iMMV04s8utrE67Esm0q1OfFaEQBL3zHvBoDBE9Xc2DWQyp1lA4BP7dnPm8bqppPrjZsEn_RsssyjFCaX/wIBwjN46OA3B5711iAe782w8mMoLf95yEfyAJe8qLqwBuVoBOHuq1xvZfefJuP8XD5ibiagYI_01VrkBXCmOH9yvV80TY_xyKOlsHdjib-MWoX8gkGGNjvvh8GcH04Nh/.../

https://dw.uptodown.com/dwn/r656qKVf_0dSZazIRQqkwhVmlk-Kf5AJ0uRsiL6UAtiK3I9MmH8Sejtg7M2CDJ1ySCEs4BFy-Gx73B9RJeVjQ7CAV-WswVM33p_6PLqHpFlHQ3x-ba7C7H3DwhuLBipn/_afFbUE4TywzBRF2I8Jj1gSXkRAIcfcz3Uuh6m-qANsQMOE54srnpCXJSOBK2IgReyk-hNP8_Pq6dDspOyli_3UcCAk0Cvom6PvrQb20xA0CQVU41PXUBpkPlVEefaFR/bEtj1tAm5WGflpVsgucgzo1Bwfi2LecUhDoGlf7l2L1PaSAfmt6ltodcVh6dDMs594TigsnumkYfHOe9VxLreB7qsvOTEV8BspL4yw1it18NTOtI0GxPASPedO-JvtwL/.../

https://dw.uptodown.com/dwn/XCNg6A56KejgvsNO77PIZo1inoJWlzW7ybUhl0a2OGE0qwt0Az0rlABVFLMCV5VoLLuPlaeWCpVLsyJVgB3EGYS_CM-_13O2Kf4EvfxnxMLybzDN9nHnx_m_AgNe9HC3/3r8Zf3GizsVvoc3-rYONVbvI24PQrhs8JOEFV_QHzDODbVrh-SiPwGirGgcjr2aRW1Uq_Vodd2THkT4gD34FnppnjbFSzEwjIGWe0Elb016hWs5VcrxDBh1SHg4Im6zT/h_3ezatOuiqR1T5DUrCXPAr1cB0XHkPQnGHC-Vt2B0EzYsIJvqbL3gL-Urd77_fM5-45wLQ01wbRz2X6lFm-DVHwjVstW3qw9rWBP0p_NnTCIVMz_q5xlgFpEXOsx4Ar/.../

http://letoltes.szoftverbazis.hu/oST8ePYAIRtq28enYnU8AA/1462375862/.../fraps-setup.exe

https://dw.uptodown.com/dwn/_5x_ih-Y3sebc9aWI-sVNGfz8FanvJ2113k80SFG4HVCUgL9JjFe0rs2FIOhhrnjbmxvOtf-dcMkU38QBSJJSZwXD73LOV_66gf7fDJ3qmEEthHFpz2SOerg5a4MSyGt/91aQKfw2h6jGqLZLgoFmhUfAO3HZi9jRmuyHt3p8scGM9PpSUtHZkm_ltu30OsO-PlkLpCzxEwhJJVJVoYdC7yObC5QPQch_Ah1yHNo7yVAtLtD479liZ3bGqviTFPzu/nEgGH6GRbKjeYkB8Zz5MgNm7MGTwTrDnLNZ6j2CvPdBv1XgZFW3h52QYO85fTdU3TY5gYzBGiLhDVgN9gb6SK7BHuzX0-Dh0ZpQ-5goKD0gb4THLwi8a338oDqJFucfE/.../

http://www.filehorse.com/download/file/.../

http://letoltes.szoftverbazis.hu/QTF82eS58MTmu2z9cgciww/1471713672/.../fraps-setup.exe

https://dw.uptodown.com/dwn/HhPH5e3l0bryjvRp76dpBcaKVSDVtxT59FHCcODeoIagx2zT967ozB7rT2Rv98XlFjy3GXUdKFA9SDextmFZRe19htSWh4jQ9KprMv3To5jDjhNBVYBZs3J71AZ3jS2I/guG6plT_0yKx1Bp3RScNSo-StImG5C2pMoChdroAzRKp89-QsEexrYeqpCef0uIXByJcWiA3bXXLcFLBhKdplJYdD3DZkcnbTHJ3B6nuX-QEbrqZEzVINFpy3dqyaYg_/PvdySKxSWpo3LTpJJbrnT88EgbNMmiKk_wqBvsCsrqznGZ3wFAdEwJzLmtYq7GJlHwAtsuqxZLqIumLlmeJhZfav4jOuOoO_v13mEtuHAulInuW8akoTROo9PEjjRap6/.../

http://filehippo.com/download/file/.../

https://dw.uptodown.com/dwn/EIrLjAlPmhUlTmtg7VL2lLr-gWzMNh74JSnwgoS-lYi6MUvpVT5O2GxZdAFd5Ekp9Q3LaZgnhS--8XEJPHL9iQT9ewEG9u4mD4gzrO4WDJuehV4Jqy3GkUejBcsAKi2T/dMKGY6YJPYCUnnzglhsE4zNtnZqF1CQET3NqXUu6S74965wAKBCOBtK-Y3aoko3sfeEEAfiwUWogenJQj3pgTzi2ANvc-UcDx0cHUa5GchzVWsyzjBYlwxrjL80KAXFb/.../

https://dw.uptodown.com/dwn/BeFoEqA8OZ1U_Z_2joK3OH2eyVLhWzfntnDKw6jBQpRd787f-7v2AfW11fYgrG2uEkC1-BG3UYcJdcOTNfqo_F_zKM1Uwis0dvR2RatEmlPaAOnPV34RgOBW-sfZlpnd/Kyj8sD10RHLsL6PK-bMxF7D53yPOvuoEO1kDGRvGuqzOBQFrdf4q5cW6E0oSCqX7fjKqXers57mC6Gstrvm306wcGxeYi6LxDnVGeJXLA-pkbPaYVfZ2hRTh55a40lgn/.../

http://letoltes.szoftverbazis.hu/1OnwO8CdIt9lP_WbMqB4Hw/1448109112/.../fraps-setup.exe

http://letoltes.szoftverbazis.hu/Ywjr6WJrJvf9KIUdBmZxIQ/1466008173/.../fraps-setup.exe

http://dw.uptodown.com/dwn/vPeoLnYtZj6d8qTiqzLwUdjtfZ_0GseLT0THqbCo_nuW75Fgo4PUBN8R4AzQhMBZhxuBJJE680uzM-ZEhsAc6On3e-s_NrCPs00N8HjOrP2NorwZq8WtxWPxaeYDPwK9/hMZGJ0zjlTKPn97stS-h3FLIY3Ef8GapsudOXOO2WI5inBWpbaAmkapXYvZKTpPzBojAGlvA5ucYO-h36c1BExsMJlihyqyLiqcguGhjIyxAaDfx2--3zfmP1AwQX7uf/.../

http://filehippo.com/fr/download/file/.../

http://filehippo.com/download/file/.../

http://filehippo.com/pl/download/file/.../

http://filehippo.com/es/download/file/.../

http://www.fraps.com/.../setup.exe

http://filehippo.com/download/file/.../

Latest 30 of 35 download URLs

Scan setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.