Setup.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from download2228.mediafire.com and multiple other hosts.
MD5:
4a52424ee31d7473bdacda3876a2d9e8

SHA-1:
f13162ee12f8966a1d34076b3ba2841f8b8aeabd

SHA-256:
1abb88620d37ff10a3e17c3361e324cd92f4c6a7555fbf0ddb77692a6adf9261

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/26/2024 11:30:29 PM UTC  (a few moments ago)

File size:
59.6 MB (62,541,306 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:xudlNXXj3OrCjgRVwUl/lkzCnCzlBXNJ/iyZfedlPpJo38mhqaAFpNvsP/aqsitN:0HCCjMBwdhnGdrxmMaApJq7+W9

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following 5 URLs.

http://download2228.mediafire.com/xwnaop9lqdpg/.../nazi_zombie_mineday.exe

http://download2059.mediafire.com/2883ivu5yc4g/.../nazi_zombie_mineday.exe

http://download2228.mediafire.com/kp8ri92k8gfg/.../nazi_zombie_mineday.exe

Scan Setup.exe - Powered by Reason Core Security