» Setup.exe
Overview
Analysis
File Details

Setup.exe

The file Setup.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.

File name:

Setup.exe

MD5:

2f2712961b14e8a242ca0c0da9cf9d56

SHA-1:

16e6ecd98b60bf72c5d2df7dfd95546c6edb77c8

SHA-256:

166c2b1b75cffaf8626434e169cca59e75a9eb819cfc69872a5d5f671c47499d

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 12:16:35 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.13091070

5646091

AhnLab V3 Security

PUP/Win32.Generic

2015.04.18

avast!

Malware-gen

150319-1

Bitdefender

Trojan.Generic.13091070

1.0.20.540

Dr.Web

Adware.Downware.9847

9.0.1.05190

Emsisoft Anti-Malware

Trojan.Generic.13091070

9.0.0.4799

ESET NOD32

Win32/AdGazelle.E potentially unwanted application

7.0.302.0

F-Secure

Trojan.Generic.13091070

5.13.68

G Data

Trojan.Generic.13091070

15.4.25

herdProtect (fuzzy)

variant of setup.exe (Adware)

2015.7.19.22

IKARUS anti.virus

PUA.AdGazelle

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15638

MicroWorld eScan

Trojan.Generic.13091070

16.0.0.324

NANO AntiVirus

Riskware.Win32.AdGazelle.dobxzm

0.30.16.1110

nProtect

Trojan.Generic.13091070

15.04.17.01

VIPRE Antivirus

Threat.4657539

38882

Zillya! Antivirus

Backdoor.PePatch.Win32.67133

2.0.0.2142

File size:

698.4 KB (715,190 bytes)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp:

2/24/2012 7:20:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:D0g3vPuuIH+qkuF35fG8u2P1EFoX8LJKumRw7PSVhW2xT0Mp5E6jVz+rFC:QyXuHHvkqbDEFoXmKHR0PEWVh6jJ+xC

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.8420

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.