setup.exe

GameHugArcadeSetup.exe

Jenkat Media, Inc

The application setup.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from i.verrsin.net.

Publisher:
Jenkat Media, Inc  (signed and verified)

Product:
GameHugArcadeSetup.exe

Version:
1.0.0.15

MD5:
9543bd540ced172bea0c861f01162a01

SHA-1:
fa60a0f0b786623382f9b3212c3a0739753959e3

SHA-256:
ba7cec397b62fbb560f39e3fc6fe061cfdd32e00dc8954e6108c6876041af628

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:09:37 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Jenkatedia | 2016.0.3230 |
| Dr.Web | Trojan.Domaiq.22 | 9.0.1.013 |
| McAfee | Artemis!9543BD540CED | 5600.6886 |
| Reason Heuristics | PUP.Installer.JenkatMedia.F | 15.1.13.19 |
| Trend Micro House Call | Suspicious_GEN.F47V1227 | 7.2.13 |
| VIPRE Antivirus | Rocketfuel Installer | 36602 |

File size:
132.3 KB (135,464 bytes)

Product version:
1.0.0.15

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/26/2014 6:00:00 PM

Valid to:
3/29/2015 6:59:59 PM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:FuxkZuTXJG0RnhT3uuZ9u+m3Yf4z8FOngDv+RX/:FSgS5JZ9PmIfw9Ov8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.4128

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following URL.
