setup.exe

FRAPS

Beepa Pty Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Fraps. The file has been seen being downloaded from s6757.chomikuj.pl and multiple other hosts.
Publisher:
Beepa Pty Ltd  (signed and verified)

Product:
FRAPS

Description:
Fraps Installer

Version:
3.4.6.13748

MD5:
139b77fb6abc9b949e59d61c1bc79fc1

SHA-1:
eb89574ffa995e515f07a764ce15d22dbe311dc5

SHA-256:
23ec1609a8d05ce27973accf2184a59dc2c5d9c868ecc76886b3374284136805

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/23/2024 2:00:25 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.Packed!1.9C4E
23.00.65.14322

File size:
2.2 MB (2,309,616 bytes)

Copyright:
Copyright © Beepa Pty Ltd 2011

Trademarks:
Fraps is a trademark of Beepa Pty Ltd

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/14/2009 5:00:00 PM

Valid to:
8/29/2012 4:59:59 PM

Subject:
CN=Beepa Pty Ltd, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Beepa Pty Ltd, L=Melbourne, S=Victoria, C=AU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
61BA7137F92180F6BC4CA2F8DDB339C8

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Bs0qrPrbcNTStG3eQ259Il+QMVnsbXo5nt2V+eTAmzeWxGG:Bs/7cNZezIlKNqXobm+Ybye

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9978

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been discovered within the following program.

Fraps  by Beepa Pty Ltd
Publisher's description - “Fraps is a universal Windows application that can be used with games using DirectX or OpenGL graphic technology. Show how many Frames Per Second (FPS) you are getting in a corner of your screen. Perform custom benchmarks and measure the frame rate between any two points.”
8% remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following 24 URLs.

http://s6757.chomikuj.pl/File.aspx?e=xJDynEccCh6ICCvazBnDMUNH4yw835uu7J5ZLDvmmHg6lmmDsoQYbp3YlX-EK8i3_VgpIvzibAR9zshz48s8PRNviOfyA6wFNXT6co6sP0wHg-BAAEkRV-IJMVqnhIZbstEsChS5iFv4HNYi2eHwKw&pv=2

http://s6042.chomikuj.pl/File.aspx?e=fIBNxmtZzeLzTDODqAis6tSWll5ybWMQsm7286QdTEtROrD54K0jr9dzdX1eZKaZFHxkhc92Lj3unYaaFuEuVigHtj0exCFSwi5Jd4tL37odTcgqbaP1xJvmFyNrs_r7v3XOwVi5KEShbA2fyNapeg&pv=2

http://www.filehorse.com/download/file/.../

http://www.filehorse.com/download/file/.../

http://s6757.chomikuj.pl/File.aspx?e=xJDynEccCh6ICCvazBnDMUNH4yw835uu7J5ZLDvmmHhUUCFHNpU2GH_9qM_dtvy7O-P0sqLsE937f1HwartUH7vMe__vANKybXZrKOSf6Hx_SoVp-GBDUnGanWxHWb73pAbgJGxl-cuIbpGeCSk0vQ&pv=2

http://s6757.chomikuj.pl/File.aspx?e=xJDynEccCh6ICCvazBnDMUNH4yw835uu7J5ZLDvmmHifTAsukjA3pzbGRnf0gurPNda1PAeDEpY3Yjw4XCQebZFUE6xQdWY1rzejiihqi2n2DElOEK8sxEVraW9OjKgDe4qP8ZOAQhaWyZ7MMuhgUQ&pv=2

http://www.filehorse.com/download/file/.../

https://dw.uptodown.com/dwn/Gk7k_9It7bFb19Wcd0CdQOAnS9zlnuU9tsmMDZzN6CaRng5chY0HQz-iUnrCq9JfAHl7GhiS6FiJfBESe_sPj5KB9aXilkNHJHSNeo_t9w-MmCpvW9Y9Lf265xOSPG0M/aY3qukEqMf00Vcn-e6Y_OdnGS3NBq4smJi18uXbwoTvsFHCtp1yP8CNh_AUMIdw1nSvininELGJuT9igSHNf_rH2jG1A-E3BbodgbWq-Cdqau6gdtKzigRsqCs1UasQh/wvsLBAdF2s4CHKZIhc9wS3OA84utY2kkQtvyzAbLMw-wnZlEaCw8ipz6dIux52vsMeUiETPsiR-aJtvdlqsVOVtkhA0Xa8qG-ZDxbzccUnDzPiTOgmT6lrFHaWbr3efr/.../

http://dw.uptodown.com/dwn/d40urNAeokDY4QmcFukF9vqxSzsrpykoU2QYA8u0h0t9M8AvEdll6qOFRsnZb0pbigw-_wLKKs-nWPCyTu5uPOxnEBCiYnYSsCkyMjq7uRiDn1q07wvAQPIBCcKWPAIB/.../

http://www.filehorse.com/download/file/.../

http://www.filehorse.com/download/file/.../

http://www.filehorse.com/download/file/.../

http://www.filehorse.com/download/file/.../

Scan setup.exe - Powered by Reason Core Security