set_up_outlookset.exe

Starfield Technologies, Inc.

This is a setup program used to install the application. The file has been seen downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Starfield Technologies, Inc.  (signed and verified)

MD5:
a77a2aadc5b8503826494469136f5c61

SHA-1:
d844d59d7f10cc225f9775887086d68b66f7a826

SHA-256:
6fe2620163478ba3988f8b0336ce686cd8451ed8bd53782a543068d9f6319fc8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:22:17 AM UTC  (today)

File size:
2.1 MB (2,198,560 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
10/8/2008 3:16:07 PM

Valid to:
10/7/2011 3:58:20 PM

Subject:
CN="Starfield Technologies, Inc.", OU=MIS, O="Starfield Technologies, Inc.", L=Scottsdale, S=AZ, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00E032E8

File PE Metadata
Compilation timestamp:
8/19/2010 12:20:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:BIiH44dY748NxUR52Yn7q51qTg55v+DGSHhL7BVF0wqlb:BIk4aIlN6tngM8vmL7BYhlb

Entry address:
0x5BD6

Entry point:
E8, F6, 31, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F8, 03, 41, 00, 89, 0D, F4, 03, 41, 00, 89, 15, F0, 03, 41, 00, 89, 1D, EC, 03, 41, 00, 89, 35, E8, 03, 41, 00, 89, 3D, E4, 03, 41, 00, 66, 8C, 15, 10, 04, 41, 00, 66, 8C, 0D, 04, 04, 41, 00, 66, 8C, 1D, E0, 03, 41, 00, 66, 8C, 05, DC, 03, 41, 00, 66, 8C, 25, D8, 03, 41, 00, 66, 8C, 2D, D4, 03, 41, 00, 9C, 8F, 05, 08, 04, 41, 00, 8B, 45, 00, A3, FC, 03, 41, 00, 8B, 45, 04, A3, 00, 04, 41, 00, 8D, 45, 08, A3, 0C, 04, 41...
 

Entropy:
7.9921  (probably packed)

Code size:
45 KB (46,080 bytes)

The file set_up_outlookset.exe has been seen being distributed by the following 2 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-43LOs1vpVixbn6-cDtK6lczpVPcplpzzbdbouhx_Ey_baHWfMnNWuOy-8GK-883P/messages/@.id==AOPbi2IAAQtzTsu2IAE8cRt2mNk/content/parts/@.id==5/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbZ2vDNlChOObUceIYRSGFZyZNdBf65C38bG6fpuZV_7A&error=https://ca-mg4.mail.yahoo.com/.../iframemsg?id=5075a8a5-4776-df93-5823-92757bfba7b0&ymreqid=b874dcab-3c0a-96c4-01f5-130021010000

Scan set_up_outlookset.exe - Powered by Reason Core Security