cpsetup.exe

The application cpsetup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FilmFanatic EPM Support’. The file has been seen being downloaded from get.slfdio83rh.xyz.
MD5:
bd8afd92ab654ed43058f12d04f7f110

SHA-1:
7e7fbf9980a4bdce4e42fced3b5320161988fd2e

SHA-256:
d00338d2b3c1517347859db5389894a13e18666ed8e2b25b46bb013950332e5b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 10:44:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.iStartSurf

Engine version:
16.4.3.2

File size:
161.5 KB (165,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cpsetup.exe

File PE Metadata
Compilation timestamp:
3/30/2016 10:27:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:p7o1w+GSkAJXtcUN3k/krm1/G+NglVJz+Q1k+Q1aDW/W:SOekAJX7+/GLPmW

Entry address:
0xE913

Entry point:
E8, A5, 2D, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, DC, 37, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 10, 20, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, DC, 37, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...

Entropy:
6.6255

Packer / compiler:
PEQuake V0.06

Code size:
101 KB (103,424 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FilmFanatic EPM Support

Command:
"C:\Program Files2\filmfa~1\bar\1.bin\pamedint.exe" t8epmsup.dll,s


The file cpsetup.exe has been seen being distributed by the following URL.

Remove cpsetup.exe - Powered by Reason Core Security