home

setup.exe

This is a setup and installation application. The file has been seen being downloaded from admin.thmagno.com and multiple other hosts.
MD5:
f1804c8b9c9ef968ef90928d793fdbdb

SHA-1:
f619b5a1b7fd03141f85e60fba65e7a222fcef98

SHA-256:
bca879fd8125b97d1331c272ed2c1cbf88a5bf3fa9b4d330e3ca78cbc603822c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/30/2024 12:34:20 PM UTC  (today)

File size:
2.8 KB (2,842 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
48:Y/McjGCHgVSUa/naZ0hEzC78Nh7SdWiz/uBBBpbBNjmBCAW9plsu3j:ji9Hvr/n00j78Nh7SdWiz/gBBpV+oN

Entry point:
0A, 3C, 21, 64, 6F, 63, 74, 79, 70, 65, 20, 68, 74, 6D, 6C, 3E, 0A, 3C, 68, 74, 6D, 6C, 3E, 0A, 3C, 68, 65, 61, 64, 3E, 0A, 20, 20, 3C, 73, 63, 72, 69, 70, 74, 20, 74, 79, 70, 65, 3D, 22, 74, 65, 78, 74, 2F, 6A, 61, 76, 61, 73, 63, 72, 69, 70, 74, 22, 20, 73, 72, 63, 3D, 22, 2F, 6C, 70, 72, 65, 73, 6F, 75, 72, 63, 65, 73, 2F, 6A, 73, 2F, 6C, 69, 6E, 6B, 76, 32, 2E, 6A, 73, 22, 3E, 3C, 2F, 73, 63, 72, 69, 70, 74, 3E, 0A, 20, 20, 3C, 73, 63, 72, 69, 70, 74, 20, 74, 79, 70, 65, 3D, 22, 74, 65, 78, 74, 2F, 6A...
 
[+]

The file setup.exe has been seen being distributed by the following 10 URLs.

http://admin.thmagno.com/8gLTED-O9uYAjCrOUYStC-ekD5SCCyTn_J_jLnSPKvLZfV2ihV1JzeonVODkbknXSLIMqk98Sr1-8L1bmdeQvNQOenLG9i8QX8nwSK7hOkqmf_G-WhlWIijITwxk41s9NolesSTV68Sq3fEZzzsBqyMKpAT3bch3r44hH3B03otX8537sFuNXqTGkEosu3UTvMb_ChzwM8Q0VMk3tsG060VpDOQSS61CsirNsbMaOSOzY36JB_a2cLxujWsmXybr7Gvj7a6ISY8XlDYKiRnhWX1HddKU6WEuGdEsQx83in_q0gGerd4Yiqb5hpBYdAFq3WCN1qWaH4gVzvAx0JA0G5xwHvQwBEZ-m9gdkzVmP946vd9eDO5C1JIgr9xz8k6ogKEr36KNSMeVRkH3Vrb8WGJP_grQIc-7JPgJ43YsSfWiRF4n761OC7x4kRSMaZBY

http://admin.magnoft.com/fPGe9E9xeOZH5r6ja43INK0n0yCxk0nT81QRyoWCBYDiTW0aW_SQ-9H5sUl-GAcGp6UZ-svGqYfKkiMRoAay0cLPzvhtLkL0R8nwZ2ocg0po-hJFaXR4wuDj8ep3QXhvQTmoq4X1LIuyOGKDmbZMu-2QhPQHC8s31OY8TzQu-axl0FMkbc87A--CT9Kg5qLooG3KRiWC-Gr9ubmqGZR5JSRRSh14WXgnuH8F16VWGiiC2BGCmYogpo_9fkTvcjduJAU-_3-j6K039q7WlTQxO79FFDzCYJIB2RLm32d06yO4EZdVS-AU1K6bf8munjEcYkXS4Nfrau0W2RTjReIHVg1_w4lH2tLpQsIwt-D5_sX1zbqbPWv8h7IVURCFyqKqxvoxFXKx_GS_OnRemAgGr32Ppcfo9VBaGz_umxB0anw

http://999donot.blob.core.windows.net/.../Setup.exe

http://ttb.dllfiledit.com/download/request/.../oE8FiZSg?__tc=1430154948.628&lpsl=bfdabdccfcc7533bf4e6b25fd26e9b4d&expire=1430241344&slp=www.mytoolfile.com&ClickID=553e6ebf4fa55b607d8b5a54&fileName=Setup

http://admin1.tramagno.com/jYmwI_MIFhULR0wttsBrFEOW0hbNlv9FAKxQCq5HlywBevBv1IjKEHgYCHy2ftE1GdQUIDsLj2nT3tksR7e8t4HTm-CU65FrplCsMl2mRZwx2YmZhffDNUhaUj5scsoNxGn3rAciyVYiu1heJfj9nw3YqboZjsN5wj8x0ZzAdvBj_iquqIEqeZAdpuwljTLayF_uET-rVe8GuVg992MiG2i0-QIwOU79drwIVvQA8Trt_hLDdvJcdcKbfb-_eQHl3AIZxU24vci7_29p5JrLX97923vH7pncRe3pZRKlCP9AZJlkaFICmXzdcpX_kr70eLF8yUD7eb9tLgOVEf78Nnm88V1RBC8sjP2oTu-_gAkj6leBGV8Pbt0B6nQlORjTTM8pUmLi3_LVIwVkG8rWYSyceE_8v70PFKK8gHAibaykVH1C1JtIHl90LtPdC6r2

http://az844121.vo.msecnd.net/NnTdmOCkRVA-xlVMQzAAQJ3m-MymsTfgx6lb_sTJgg6JOUFxVVa9L6EcGhR4eZZopyt7x7D_seg6rFS7xQGA5M4JgFR7cKAFr4px4CpyyN2z97OY_wl09Vb8RR0XHl6t2xHXQoTaUHCeYZh6FCqDcEG_N0XXYPY8vkCPNSpuScgZv0N-Lek3AUuMSJROCZWocO_BLS2YrAiwX3ZK0xAYWnaiP7QY6JOXWN-V35odXa7EePK8gXtg2LT9lWe4zDa0ZHpMAM-YnuQP1L631NhFsm4AnkSwkx1ohRImLX49qHIz3QlQRUYoLQpDirdCVGTct9mctqyR7FOUdgTP6fHr_YgRImOMq91Qq6wTqWk88oLaxoIyMQMpHrJTv63CpXkZ4DtQvkRlXSC4_pfnAOiUTAdyF0Nq91nhPwHljH3jEp0sEpZBUCtoZEUeg5MXtuxN

http://ttb.getsoftwred.com/download/request/.../9IIwciD0?__tc=1449393476.513&lpsl=49f3ae7cab1a522a006f2cbd0b0c32c2&expire=1449479811&sid=ODAzIzE2MDMjMTI2IzIwMDR8NzY4NzN8VUt8M3wxfHw&slp=www.newsoftin.com&PubID=300&fileName=Setup

http://admin.themagnor.com/5L9jfyCEYPjwrNqJ_M1KAwV1bRiAK4gBgnR2PnYBwb_WFQGea8WtKzh7ZKxDQWj1NeIu0X9ZWAsWCUvUkWOEKGKpQ9Yk6XruMdRtbYpVVcgSuKXGH08smYapQFf4p9ULhL_DFBzkOPd4XSjbiWLTf5n58wU2Cx8aVTpsis9YvGHcejzD21GmpiScuFRzCN2_GkarzvjWYvNzbdoYwh8VuuCIdD3S503Hj--rDRZCXbonm0LTcxtu1-051Bz0LaEuUZNTFgujT-liPsKI7Bf2i5C1-u_gt6q4bvkcOLxjE3JHvrSN4ddqzuqOzctQzyE4EXkS96z_YdIcVSVlxDjhRFoSP_GvrLwDl5n_zrJ_NYdSC-p7IBzjVTcIgAD3SJhL0a01713aUoBUB4F9Pir5g19iMkAE7UafvWRKMFQ3QSC1ZU1l1csuhQrKipKdMmH4

http://admin.magnoft.com/5v0_ICK4WZObtn3AoxFgKW8TVe278XzlVL95jW5UHV6cohr7ukaF86IFFVn13k4AxMExvUaRuF8waGimGMUXe6pro3_5d7X8qkKm-p0WKizzqiuwbMeK2Z5JRwvt_5-5_Ebdiv-RIFe_YPhiR-kJkuvno6urSa6feu_1uGXU8xbPkVJsJT2jkLe_hGCtzRPjOIKK2Cg-xtB_pevUeMA5ogfURvrV8m2Xg_QkXDBHAs3YBD-UsZYKNKltpnKkl2dIyFLi0d_O01fz6z28QyHCrbVpFkO9BVvKTnJvgIckBH-OhTS0aBS3hPbb3ZTHaPY_5X14iq-hSynkNXXaDQUtJw5LFb1Rvy4Hy2j93477Sr4K28JgqHM5dvR6kbcHDhnXLYM0Z9_d6MtCphVa_SQNcCVKxGBmd-zhnPfFK6XHgspKYW91anqRV19wlkAA9VIy

http://www.url-removed.com/

Scan setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.