» aff_setup.exe
Overview
Analysis
File Details

aff_setup.exe

The application aff_setup.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent.

File name:

aff_setup.exe

MD5:

8aa80d35930ba47d2447bdd4edc29674

SHA-1:

1c4ba2376b3e2d65190676ab193824861619f781

SHA-256:

b1064317e74f2ae654b6db1547e9e275eedb7951a15efb60cf3876f0b17f5b41

Scanner detections:

13 / 68

Status:

Potentially unwanted

Explanation:

May bundle additional potentially unwanted software such as adware during setup.

Analysis date:

4/25/2024 4:56:18 AM UTC (today)

Scan engine

Detection

Engine version

AVG

PCBackup

2016.0.2913

Baidu Antivirus

PUA.Win32.MyPCBackup

4.0.3.151127

Dr.Web

Program.Unwanted.713

9.0.1.0331

ESET NOD32

Win32/MyPCBackup.E potentially unwanted

9.12086

G Data

Win32.Trojan.Agent.21CN7W

15.11.25

Kaspersky

Trojan-Downloader.Win32.Genome

14.0.0.1059

McAfee

Artemis!8AA80D35930B

5600.6569

NANO AntiVirus

Riskware.Nsis.Unwanted.dshbdc

0.30.24.3079

Panda Antivirus

Generic Suspicious

15.11.27.04

Reason Heuristics

PUP.Optional.Bundle.Installer.Meta (L)

15.11.27.4

Sophos

Generic PUA BM (PUA)

4.98

SUPERAntiSpyware

PUP.BundleInstaller

9483

VIPRE Antivirus

Trojan.Win32.Generic

42842

File size:

158.5 KB (162,321 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\aff_setup.exe

File PE Metadata

Compilation timestamp:

12/6/2009 4:20:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:AQIURTXJ4i45J9PqdLmFLiUJK+r10QhENL2dVCrxlMGcMuBcJ7VjEVN:AsGi696d+R0Qmr/MJr275e

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.7349

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove aff_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.