» setup.exe
Overview
Analysis
File Details

setup.exe

The application setup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source.

File name:

setup.exe

MD5:

6384121536df98ad8b9be7a5ecdaf58f

SHA-1:

0d01ccfaa108a7a7951bea5749fc0fc2bc38ddbc

SHA-256:

fe40b7ba5256f8054b5c8fa2b53b7f8f11774382e3cd3da74bdeab5bbf963b65

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 1:33:24 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.PKX

675

Agnitum Outpost

PUA.Downloader

7.1.1

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.03.31

Avira AntiVirus

PUA/SoftPulse.oani

3.6.1.96

avast!

Win32:SoftPulse-FI [PUP]

2014.9-150401

AVG

Generic

2016.0.3153

Bitdefender

Adware.Agent.PKX

1.0.20.455

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Trojan.Domaiq.175

9.0.1.091

Emsisoft Anti-Malware

Adware.Agent.PKX

8.15.04.01.12

Fortinet FortiGate

PossibleThreat

4/1/2015

F-Secure

Adware.Agent.PKX

11.2015-01-04_4

G Data

Adware.Agent.PKX

15.4.25

herdProtect (fuzzy)

variant of setup(1).exe (Adware)

2015.7.3.23

Kaspersky

not-a-virus:Downloader.Win32.DriverUpd

14.0.0.2260

Malwarebytes

PUP.Optional.DigitalPlugin.C

v2015.04.01.12

MicroWorld eScan

Adware.Agent.PKX

16.0.0.273

NANO AntiVirus

Trojan.Win32.DriverUpd.dppdhf

0.30.8.659

nProtect

Adware.Agent.PKX

15.04.02.01

Reason Heuristics

Threat.Win.Reputation.IMP

15.4.1.0

Sophos

PUA 'SoftPulse' (of type Adware)

5.12

VIPRE Antivirus

Threat.4150696

38882

File size:

602.5 KB (616,960 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\programs\setup.exe

File PE Metadata

Compilation timestamp:

3/25/2015 5:53:53 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:R7dsT3qZS9NlcLIcy9iUJVhnJiNz8PzGlTl6NaHoSUHC:R71kncLIcy9iUbhUpQKlTY9HC

Entry address:

0x1AB680

Entry point:

60, BE, 00, 10, 53, 00, 8D, BE, 00, 00, ED, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, F5, 9C, 1A, 00, 57, 83, C3, 04, 53, 68, 71, A6, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9481 (probably packed)

Code size:

496 KB (507,904 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.