tempsetup.exe

Axlio

The executable tempsetup.exe has been detected as malware by 2 anti-virus scanners.
Publisher:
Microsoft*  (Invalid match: the publisher name comes from the file's own version resource and is not backed by a valid code-signing signature)

Product:
Axlio

Version:
1.0.0.0

MD5:
6e5d657e1a66415ca4a4868a2acf1f81

SHA-1:
d5ee2487b26f03dcc7b0d0733d137ae32458ca16

SHA-256:
3c90183fd15488b8b1df358dc2656bbac2e5b9898e67e19fb5e26325cceab62c

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/26/2024 4:47:14 AM UTC

Scan engine    Detection                                  Engine version
ESET NOD32     MSIL/TrojanDownloader.Agent.BPZ trojan     8.0.319.0
Norman         Gen:Variant.MSILPerseus.1007               19.05.2016 05:17:13

File size:
313.5 KB (321,024 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2015

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\tempsetup.exe

File PE Metadata
Compilation timestamp:
3/5/2016 11:16:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:nVn2+wCU1HOu0kibqI59PpOPf201/z7pe+:9ZwRRykibqI59Pk2cb7p/

Entry address:
0x4C45A

Entry point:
FF 25 00 20 40 00 (jmp dword ptr [0x402000]), followed by zero padding

Entropy:
5.8327

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
297.5 KB (304,640 bytes)
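The PE metadata fields above (compilation timestamp, OS and linker version, subsystem, .NET CLR dependency, entry-point bytes, entropy) can be reproduced from any binary with a direct read of the PE32 headers. The Python below is an added example using only the standard library; it is not code from this page or from Reason Core Security. It reads data directory 14 (the CLR runtime header) to decide whether the image is managed, data directory 4 (the certificate table) to tell whether any Authenticode signature exists to back the claimed "Microsoft" publisher, and decodes the entry-point stub. Because the reported sample is not available here, the block builds a small constructed PE32 image of the same shape and parses that; the timestamp value, section layout and entry RVA in it are assumptions, not values taken from tempsetup.exe.

```python
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole buffer: 0.0 for a constant byte, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for _, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def parse_pe32(data: bytes) -> dict:
    """Extract the report's metadata fields from a 32-bit PE image (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    lmaj, lmin = struct.unpack_from("<BB", data, opt + 2)      # MajorLinkerVersion, MinorLinkerVersion
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)      # AddressOfEntryPoint
    image_base, = struct.unpack_from("<I", data, opt + 28)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion, Minor
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    n_dirs, = struct.unpack_from("<I", data, opt + 92)
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(min(n_dirs, 16))]
    cert_size = dirs[4][1] if len(dirs) > 4 else 0     # IMAGE_DIRECTORY_ENTRY_SECURITY
    clr_size = dirs[14][1] if len(dirs) > 14 else 0    # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
    entry = data[rva_to_offset(entry_rva, sections):][:6]
    stub = None
    if entry[:2] == b"\xff\x25":                       # FF 25 disp32 = jmp dword ptr [absolute]
        target, = struct.unpack_from("<I", entry, 2)
        stub = f"jmp dword ptr [{target:#010x}]"
    return {
        "machine": machine,
        "timestamp": tstamp,
        "timestamp_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "clr_dependent": clr_size > 0,
        "has_authenticode": cert_size > 0,
        "size_of_code": size_of_code,
        "image_base": image_base,
        "entry_rva": entry_rva,
        "entry_bytes": entry.hex(" ").upper(),
        "entry_stub": stub,
        "entropy": round(shannon_entropy(data), 4),
    }


def build_sample_pe32() -> bytes:
    """Constructed minimal managed PE32 for the demo; assumed values, not the reported file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1457219818, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 8, 0, 0x400)          # PE32 magic, linker 8.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x2010)                        # AddressOfEntryPoint (assumed)
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                         # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                             # Windows GUI subsystem
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 14, 0x2008, 72)          # CLR header present => .NET
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[0x10:0x16] = b"\xff\x25\x00\x20\x40\x00"                 # the managed entry stub
    return bytes(headers + text)


if __name__ == "__main__":
    for key, value in parse_pe32(build_sample_pe32()).items():
        print(f"{key}: {value}")
```

On a real file, call `parse_pe32(open(path, "rb").read())`. Two points the fields above hide: `FF 25 00 20 40 00` is `jmp dword ptr [0x402000]`, the stub the .NET linker emits for managed PE32 executables to jump through the import table into mscoree!_CorExeMain, so disassembling the native entry point tells you nothing about behaviour; the logic is MSIL and belongs in a .NET decompiler. And whole-file entropy near 5.8 is ordinary for an unpacked .NET assembly; values approaching 8 would point to packing or an embedded encrypted payload.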

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to static.vnpt.vn  (14.177.167.102:80)

TCP (HTTP):
Connects to ip-50-63-202-8.ip.secureserver.net  (50.63.202.8:80)

TCP (HTTP):
Connects to ip-50-63-202-6.ip.secureserver.net  (50.63.202.6:80)

TCP (HTTP):
Connects to ip-50-63-202-18.ip.secureserver.net  (50.63.202.18:80)

TCP (HTTP):
Connects to ip-50-63-202-10.ip.secureserver.net  (50.63.202.10:80)

TCP (HTTP):
Connects to ec2-52-23-96-219.compute-1.amazonaws.com  (52.23.96.219:80)
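The hashes, common path and network destinations listed in this report are the indicators a responder would pivot on. As an added example, not code from this page or from the vendor, the Python below (standard library only) transcribes those indicators, hashes a file once for all three digests, matches the `{user}` path template against observed paths, and runs the network indicators over a few constructed proxy-log lines in an assumed `timestamp client host ip:port method path` format. The log lines and that format are constructed for the example. One caveat the report does not spell out: the `secureserver.net` addresses are GoDaddy shared hosting, and the EC2 and VNPT addresses are likewise multi-tenant, so a hit on IP alone is a lead to investigate rather than a verdict.

```python
import hashlib
import io
import re

# Indicators transcribed from the scan report above.
HASH_IOCS = {
    "md5": "6e5d657e1a66415ca4a4868a2acf1f81",
    "sha1": "d5ee2487b26f03dcc7b0d0733d137ae32458ca16",
    "sha256": "3c90183fd15488b8b1df358dc2656bbac2e5b9898e67e19fb5e26325cceab62c",
}
PATH_IOC = r"C:\users\{user}\appdata\local\tempsetup.exe"
NETWORK_IOCS = {  # reverse-DNS name as reported -> IPv4
    "static.vnpt.vn": "14.177.167.102",
    "ip-50-63-202-8.ip.secureserver.net": "50.63.202.8",
    "ip-50-63-202-6.ip.secureserver.net": "50.63.202.6",
    "ip-50-63-202-18.ip.secureserver.net": "50.63.202.18",
    "ip-50-63-202-10.ip.secureserver.net": "50.63.202.10",
    "ec2-52-23-96-219.compute-1.amazonaws.com": "52.23.96.219",
}


def digest_stream(fh, chunk_size: int = 1 << 20) -> dict:
    """Read a file once and return the md5/sha1/sha256 hex digests the report lists."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hashes_match(digests: dict, iocs: dict = HASH_IOCS) -> list:
    """Names of the algorithms whose digest equals the reported indicator (empty = no match)."""
    return [name for name, value in iocs.items() if digests.get(name, "").lower() == value]


def path_matches(observed: str, template: str = PATH_IOC) -> bool:
    """Match the report's {user} path template: any profile name, either separator, any case.
    Directory levels must line up, so a copy under ...\\Local\\Temp\\ does not match."""
    head, tail = (re.escape(part).replace(r"\\", r"[\\/]") for part in template.split("{user}"))
    return re.fullmatch(head + r"[^\\/]+" + tail, observed, re.IGNORECASE) is not None


# Constructed proxy log, not real traffic: "timestamp client host ip:port method path"
SAMPLE_PROXY_LOG = """\
2024-12-26T04:47:20Z 10.0.0.15 static.vnpt.vn 14.177.167.102:80 GET /
2024-12-26T04:47:21Z 10.0.0.15 www.example.com 93.184.216.34:443 CONNECT -
2024-12-26T04:47:25Z 10.0.0.15 ip-50-63-202-8.ip.secureserver.net 50.63.202.8:80 GET /
2024-12-26T04:48:01Z 10.0.0.22 cdn.example.net 52.23.96.219:80 GET /
"""


def scan_proxy_log(text: str, iocs: dict = NETWORK_IOCS) -> list:
    """Flag lines whose destination host or IP is a reported indicator.
    reason 'ip' alone means the name did not match; on shared hosting treat it as a lead."""
    ioc_ips = set(iocs.values())
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, host, dest = fields[:4]
        ip, _, port = dest.rpartition(":")
        reasons = []
        if host.lower() in iocs:
            reasons.append("host")
        if ip in ioc_ips:
            reasons.append("ip")
        if reasons:
            hits.append({"ts": ts, "client": client, "host": host, "ip": ip,
                         "port": port, "reason": "+".join(reasons)})
    return hits


if __name__ == "__main__":
    # Constructed bytes, so no digest matches; on a real file pass open(path, "rb").
    print(hashes_match(digest_stream(io.BytesIO(b"not the sample"))))
    print(path_matches(r"C:\Users\alice\AppData\Local\tempsetup.exe"))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Note that the reported path sits directly in `%LOCALAPPDATA%`, not in its `Temp` subfolder, which is why the template match is anchored on every directory level rather than on the file name alone.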

Source: Reason Core Security