setup installer.exe

Win

The application setup installer.exe has been detected as a potentially unwanted program by 39 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source.
Publisher:
Microsoft*  (Invalid match)

Product:
Win

Version:
1.00

MD5:
3ca09d48544f24e7b065462e2be92bb2

SHA-1:
6d3400a9c1f84d32d987fcf929cd2347d0c150fc

SHA-256:
8f3d70dbe149d4ed741c8c605ef2ac759c78537eef8c3d953039c96cf0929a68

Scanner detections:
39 / 68

Status:
Potentially unwanted

Analysis date:
4/28/2024 1:50:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.6753864 | 5639840 |
| Agnitum Outpost | Trojan.VBGent.Gen.471 | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Swisyn | 2015.06.04 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.1.6 |
| Arcabit | Trojan.Generic.D670E48 | 1.0.0.425 |
| avast! | MultiPlug-ZC [PUP] | 150602-1 |
| AVG | Crypt_vb | 2016.0.3089 |
| Bitdefender | Trojan.Generic.6753864 | 1.0.20.770 |
| Bkav FE | W32.VB.Swisyn.PE | 1.3.0.6379 |
| Clam AntiVirus | Trojan.Kazy-300 | 0.98/20547 |
| Comodo Security | TrojWare.Win32.VB.OSKB | 22322 |
| Dr.Web | Trojan.Siggen3.3543 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.6753864 | 10.0.0.5366 |
| ESET NOD32 | Win32/VB.OSK trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Swisyn.BNER!tr | 6/3/2015 |
| F-Prot | W32/VB.AD.gen | 4.6.5.141 |
| F-Secure | Trojan.Generic.6753864 | 5.14.151 |
| G Data | Trojan.Generic.6753864 | 15.6.25 |
| IKARUS anti.virus | Trojan.Win32.VB | t3scan.1.9.3.0 |
| K7 AntiVirus | P2PWorm | 13.204.16124 |
| Kaspersky | Trojan.Win32.Swisyn | 15.0.0.543 |
| Malwarebytes | Trojan.FakeMS.ED | v2015.06.03.02 |
| McAfee | Program.MultiPlug-FXP | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.199.1463.0 |
| MicroWorld eScan | Trojan.Generic.6753864 | 16.0.0.462 |
| NANO AntiVirus | Trojan.Win32.Swisyn.kfrsw | 0.30.24.1636 |
| Norman | Trojan.Generic.6753864 | 02.06.2015 14:23:46 |
| nProtect | Trojan.Generic.6753864 | 15.06.02.01 |
| Panda Antivirus | Generic Malware | 15.06.03.02 |
| Quick Heal | Trojan.Mofksys.A | 6.15.14.00 |
| Rising Antivirus | PE:Trojan.Vbex!1.99EE | 23.00.65.15601 |
| Sophos | Virus 'W32/Mofksys-B' | 5.15 |
| SUPERAntiSpyware | Trojan.Agent/Gen-VBFake | 9836 |
| Total Defense | Win32/VB.BOP | 37.1.62.1 |
| Trend Micro House Call | PE_MOFKSYS.A | 7.2.154 |
| Trend Micro | PE_MOFKSYS.A | 10.465.03 |
| Vba32 AntiVirus | MAS.Trojan.VB.01049 | 3.12.26.4 |
| VIPRE Antivirus | Threat.4763461 | 40786 |
| Zillya! Antivirus | Trojan.Swisyn.Win32.31682 | 2.0.0.2203 |

File size:
2.2 MB (2,278,246 bytes)

Product version:
1.00

Original file name:
Win.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\setup installer.exe

File PE Metadata
Compilation timestamp:
6/14/2011 4:01:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zENN+T5xYrllrU7QY6lq0x3oqssltwnYWGZOWD1G6Zi2LL:Z5xolYQY60O4X86SZOEG6Zi2H

Entry address:
0x3670

Entry point:
68, D4, 3E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 91, 83, A8, 05, 80, 67, 13, 47, B1, 52, 93, 58, 73, 8B, 90, 04, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, F4, A8, F6, 00, 57, 69, 6E, 00, 00, 00, 00, 00, 00, A5, F6, 00, 19, 00, 00, 00, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 07, 00, 00, 00, 85, 4E, F1, 7E, B1, 9C, 9A, 4B, 98, C2, C9, F7, 1A, 70, A9, 38, 01, 00, 00, 00, 98, 00, 00, 00, A8, 00, 00, 00, 01, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
172 KB (176,128 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-213-72-9.us-west-2.compute.amazonaws.com  (54.213.72.9:80)
