Setup.exe

Code Techno

The file Setup.exe by Code Techno has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from freempr9.jrcaaa.com and multiple other hosts.
Publisher:
Code Techno  (signed and verified)

MD5:
af3e0231e84f99f4c756fcb0887b6fd0

SHA-1:
e24cf7ba3c129e3c6fe51197b717feaad7883c7d

SHA-256:
c0fc9fa24757e3eb13f28b2ee492707b303168406c1bc8cfbaa2633ba74ee9e8

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:48:53 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downware | 2014.10.12 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| AVG | Generic | 2016.0.3029 |
| Clam AntiVirus | Win.Adware.Downloadadmin | 0.98/19501 |
| Dr.Web | Adware.Downware.2220 | 9.0.1.0214 |
| ESET NOD32 | Win32/DownloadAdmin (variant) | 9.10885 |
| Fortinet FortiGate | Riskware/Agent | 8/2/2015 |
| F-Secure | Adware:W32/WebInstallBundle | 11.2015-07-09_2 |
| G Data | Win32.Application.DownloadAdmin | 15.8.24 |
| herdProtect (fuzzy) | | 2015.9.7.12 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13642 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1641 |
| Malwarebytes | PUP.Optional.DownloadAdmin | v2015.08.02.05 |
| McAfee | Artemis!AF3E0231E84F | 5600.6685 |
| NANO AntiVirus | Riskware.Win32.Downware.djahkt | 0.28.6.64267 |
| Panda Antivirus | Generic Suspicious | 15.08.02.05 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.DownloadAdmin.CodeTechno.Installer (M) | 15.8.2.17 |
| Sophos | Download Admin | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1215 | 7.2.214 |
| VIPRE Antivirus | Threat.4150696 | 33706 |

File size:
821.9 KB (841,664 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/26/2014 1:00:00 AM

Valid to:
2/26/2017 12:59:59 AM

Subject:
CN=Code Techno, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Code Techno, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57F2A4C1987266C5627CFFB542729A0B

File PE Metadata
Compilation timestamp:
7/15/2014 6:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:txpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8SK:fp9sVuaVdvgVbmgGDijyikg5K

Entry address:
0x3345

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following 2 URLs.
