home

setup_.exe

Teras Games

Positive Technology

The executable setup_.exe, “Teras Games Installer” has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Positive Technology  (signed and verified)

Product:
Teras Games

Description:
Teras Games Installer

Version:
1.0.0.0

MD5:
074bfb27ffbed186be52cb33234bec6b

SHA-1:
617e3ad576ba269aeee02b7c0f38400eaaf24445

SHA-256:
236a9bf888c9d5ce4627fea797ec3a1d41d81749fb4fa8535f19ec6fe500a6b4

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
2/26/2025 12:50:49 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.29.6

File size:
4.2 MB (4,353,728 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Positive Technology 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer\setup_.exe

Digital Signature
Signed by:
Positive Technology

Authority:
GlobalSign nv-sa

Valid from:
11/21/2015 6:18:47 AM

Valid to:
11/21/2016 6:18:47 AM

Subject:
CN=Positive Technology, O=Positive Technology, L=St. Michael, S=St. Michael, C=BB

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121AFE867E894D0A51498A62CC7D936A1EF

File PE Metadata
Compilation timestamp:
11/29/2015 5:34:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:7UtkqXdEIlWyXrCAHzafviv/3eImbiQT+7dN5vzgxbQ:oJNEIlXrCozRNeiQm75v2bQ

Entry address:
0x4040EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9866

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4 MB (4,203,008 bytes)

Remove setup_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.