magentsetup.exe

Mail.Ru Агент

LLC Mail.Ru

The application magentsetup.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 3 anti-malware scanners. The file is a self-extracting archive and installer, and it has been known to bundle potentially unwanted software. It is typically installed with the program Mail.Ru Agent 6.0 (build 6005, for current user) by Mail.Ru, and it has been seen downloaded from exe.agent.mail.ru and multiple other hosts.

Publisher:
Mail.Ru (signed by LLC Mail.Ru)

Product:
Mail.Ru Агент

Version:
6, 0, 6005, 0

MD5:
7b50be18d9ce773f92112e52d999a5db

SHA-1:
5e19f1ce783d45b3fa013e80baa3360a6e1fdce7

SHA-256:
1c4bc300d35e1ce2ef184d34010914cfb0b0502f328c097c4fe568263e73eee3

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 4:51:18 PM UTC

Scan engine          Detection                    Engine version
Reason Heuristics    PUP.Optional.Installer.L     14.3.31.2
Sophos               RsMall                       4.94
VIPRE Antivirus      Trojan.Win32.Generic!SB.0    26094

File size:
26.2 MB (27,516,520 bytes)

Product version:
6, 0, 6005, 0

Copyright:
Copyright (C) 2001 - 2012

Original file name:
magentsetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\magentsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 4:00:00 AM

Valid to:
2/7/2014 3:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
11/15/2012 7:28:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:QG4h4jZ9oGZbBu3uwPKowN1Siv6t1qdznK:uhYZHBu5K9HWqK

Entry address:
0x102C5A

Entry point:
E8, 10, D2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, D6, 2C, 50, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 2A, 3B, 03, 00, 8B, 45, 0C, 8B...
 

Code size:
1.7 MB (1,805,312 bytes)

The file magentsetup.exe has been discovered within the following program.

Publisher's description - “Agent Mail.Ru lets you talk to your friends and family from your iOS device. Instant messaging, free audio calls and SMS, photo and video sharing and many other features.”
www.mail.ru
About 1% of users remove it
 

The file magentsetup.exe has been seen being distributed by the following 3 URLs.

http://exe.agent.mail.ru/magentsetup.exe
