postimage setup.exe

Petr Stepanets

The program is a setup application built with the Inno Setup installer. The file has been seen downloaded from postimage.en.softonic.com and multiple other hosts.

Publisher:
Postimage (signed by Petr Stepanets)

Product:
Postimage

Description:
Postimage Setup

MD5:
7d17560df27954a4c4c8ee08cd4ff539

SHA-1:
34d296e397fbfaae31bacbde8adffcf6018cccbb

SHA-256:
5f882bda4f90e8dbd0e9f1c048b4fd235db5bb9ba0f70ac046aef97cf6b6975c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 10:15:31 AM UTC

File size:
5.3 MB (5,562,136 bytes)

Product version:
1.0.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
5/23/2013 3:38:58 PM

Valid to:
5/24/2015 10:36:07 PM

Subject:
E=petr@stepanets.com, CN=Petr Stepanets, L=Moscow, S=Moscow City, C=RU, Description=Y9SuEnAuMmqpPql1

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
09E4

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:MfoxhjH428oTUkSL+SwUUGhjROBp4r/ebHPZNyZq/kLvwbSzVww/HSpkXbi:xUoYupnGbe2r/mewbSt/HnX

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9990

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file postimage setup.exe has been seen distributed from the following 13 URLs.

