setupbot.exe

Vtope bot

OOO

The application setupbot.exe, “Vtope bot Setup” by OOO, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from vto.pe.
Publisher:
Vtope (signed by OOO)

Product:
Vtope bot

Description:
Vtope bot Setup

Version:
1.0

MD5:
5b62263bdcc0248a96fdbd5b2fc4cede

SHA-1:
a0cde51b1bd1b2d44e8f354d30a378f9094772ed

SHA-256:
facc1d4be2fab6b69de69f51b46aa3807f46f9328faec4b0d80c4fca10ad5801

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 2:00:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.18.23

File size:
43 MB (45,140,552 bytes)

Product version:
3.0

Copyright:
Copyright (c) 2013-2016 Vtope. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setupbot.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/9/2016 3:00:00 AM

Valid to:
6/10/2018 2:59:59 AM

Subject:
CN="OOO ""Soshal Systems""", O="OOO ""Soshal Systems""", POBox=Str. Kantemirovskaya 5/4/664 G. 115304, STREET="PR-D. KHLEBOZAVODSKIY, 7/9, Office. 508", L=Moscow, S=Moscow, PostalCode=115230, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B0833F8AD9F393DF6B1E28AD4D38F9E

File PE Metadata
Compilation timestamp:
4/6/2016 5:39:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:cuYso6aWR+9MRE63OOwLP2NCNGuZ3+tvW2Cd9QepSloPora2C4i5R9kUs63TZP:7zas+L63RwLoUGu40DdqyPora2C7/vTd

Entry address:
0x117DC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 44, 01, 41, 00, E8, C8, 4D, FF, FF, 33, C0, 55, 68, BE, 1E, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 7A, 1E, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 0E, D5, FF, FF, E8, 5D, D0, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 23, D6, FF, FF, 33, C0, E8, 60, 2E, FF, FF, 8D, 55, EC, 33, C0, E8, A6, A0, FF, FF, 8B, 55, EC, B8, 58, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
65 KB (66,560 bytes)

The file setupbot.exe has been seen being distributed by the following URL.

http://vto.pe/setupbot.exe
