setting.exe

Salih DEMIRGAN

This is a setup program used to install the application. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘setting’. The file has been seen being downloaded from www.canlitv.tv.

Publisher:
Salih DEMIRGAN  (signed and verified)

MD5:
dd2be4f7dbb02fafc25b1c0a6b4fc191

SHA-1:
bfb3fc00f22453a75c42695324de56fe9ed813fb

SHA-256:
5972143025cb2f2e4464efa7900594fcfae0183b3da35c92fabb90c826638534

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 9:30:02 AM UTC

File size:
2.4 MB (2,487,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\canli tv\setting.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/20/2013 2:00:00 AM

Valid to:
11/21/2014 1:59:59 AM

Subject:
CN=Salih DEMIRGAN, O=Salih DEMIRGAN, STREET=Abdül Aziz Mh. Şirin Hanım Sk. No:19, L=Konya, S=Meram, PostalCode=n-a, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D93C4C5A7797EED44FF4F38F7E699B06

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:GBP56cMccs/yCHm6sW8VffbmQjbEBKYTYZ5HNCNI:Gtcs/yCHm6sPVLmQ8BofNCNI

Entry address:
0x1921C0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 10, 1C, 59, 00, E8, CC, 4D, E7, FF, A1, 20, 9C, 5A, 00, 8B, 00, E8, BC, 2B, ED, FF, 8B, 0D, 6C, 9E, 5A, 00, A1, 20, 9C, 5A, 00, 8B, 00, 8B, 15, 90, EA, 58, 00, E8, BC, 2B, ED, FF, A1, 20, 9C, 5A, 00, 8B, 00, E8, 30, 2C, ED, FF, E8, 0B, 24, E7, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1.6 MB (1,643,520 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
setting

Command:
C:\Program Files\canli tv\setting.exe


The file setting.exe has been seen being distributed by the following URL.

http://www.canlitv.tv/.../setting.exe
