» setup.exe
Overview
Analysis
File Details
Downloads (5)

setup.exe

ElcomSoft Co.Ltd.

This is a setup and installation application. The file has been seen being downloaded from s8262.chomikuj.pl and multiple other hosts.

File name:

setup.exe

Publisher:

ElcomSoft Co.Ltd. (signed and verified)

MD5:

2731926a0fb6d1576c1e41dfbec142ba

SHA-1:

1e2d026c17c08d532b15181ed64f88fbe0bb70df

SHA-256:

1358bd9e5cbba2a1185abd990bf5062ca742a02ee7b33db9688d0924c71cf364

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/24/2024 11:35:32 AM UTC (today)

Scan engine

Detection

Engine version

Kaspersky

not-a-virus:PSWTool.Win32.AdvancedPR

14.0.0.3643

Quick Heal

(Suspicious) - DNAScan

6.14.14.00

ViRobot

Spyware.AdvancedPR.R.1613608

2011.4.7.4223

File size:

1.5 MB (1,613,608 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

ElcomSoft Co.Ltd.

Authority:

VeriSign, Inc.

Valid from:

7/15/2005 3:00:00 AM

Valid to:

9/4/2006 2:59:59 AM

Subject:

CN=ElcomSoft Co.Ltd., OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ElcomSoft Co.Ltd., L=Moscow, S=Moscow, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

57AFE5C6775E9EEFC5C10A839682C12D

File PE Metadata

Compilation timestamp:

8/26/2005 9:18:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:R3l5ds4YUGsqbYlgk7ZdRcbS30gqOopHzk4YAUXdqs/NiodLHHfGOG9nDg6fQpcu:vl/qbALZdRcWWDsdqSNic6XVfmJYgNd

Entry address:

0x3174

Entry point:

83, EC, 20, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 38, 92, 40, 00, 89, 74, 24, 14, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 80, 72, 40, 00, 68, 28, 92, 40, 00, 68, 20, 3B, 42, 00, A3, D0, 43, 42, 00, E8, C0, 27, 00, 00, BB, 00, B4, 42, 00, BF, 00, 04, 00, 00, 53, 57, FF, 15, 58, 71, 40, 00, E8, 79, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, AC, 70, 40, 00, 68, 20, 92, 40, 00, 53, E8, 9A, 27, 00, 00, E8, 59, FF, FF, FF, 85, C0, 0F, 84, 46, 01, 00, 00, BE, 00, A0, 42, 00... 
[+]

Code size:

22 KB (22,528 bytes)

The file setup.exe has been seen being distributed by the following 5 URLs.

http://s8262.chomikuj.pl/File.aspx?e=gXVdaa5d1pwduvxek2mECgKlLz4WOqvpo_jO3GTPcncHRmqqdG4GBOQ7wbtPDE_ePZ8aX3Pq0GW6Kvcd2fSiLq6eEJzL29DW6frGWXvj8lBCnKj45TlV9dzaGIlx-6m2dCOnNOiFl6_hDYBloVdhBmN2mD0aeUhthAouY9aCQ1k&pv=2

http://s8262.chomikuj.pl/File.aspx?e=gXVdaa5d1pwduvxek2mEChSm5mYFayb8PUPos8xKisVA53ugolH_IXlwVsjfu0wIrJVJabnQEBw0ycCcLuAxKkW88jDekBGk-fff4YJSYy7PpDNj9cGZpT0-0Zw-yMta8rHFjJrlyS0BsVAR-k1cViq3kYHTOQ3ng7Y_5A5VRzM&pv=2

http://s8262.chomikuj.pl/File.aspx?e=gXVdaa5d1pwduvxek2mECv3zntS99bxDBpyTYOTRmUFpmqfuouVpIbicFqiZVQPpzZmsiRc4K6XTJQvNMISq1tURRBCQLwSrmeutiZX8bl8HHWOmIrYO8iNARN7x49wuoWGtAk6IskAPD_kTN2ryLika_iKsPdpVt_MKRJvj4ww&pv=2

http://s10581.chomikuj.pl/File.aspx?e=gXVdaa5d1pwduvxek2mECsmoX8HmXYub3RM257g7kUFwlc5ZkJv1tGaDBAFiBCICzO1qytuAHS7BxFcCkRii8t-djVpp2ztmATfuk7m9jNflLSDucywFg5DRWzCTNVvEioSat76LGdbLYE5h-U_nUka9lokg5h_gbxNo0pw7IlU&pv=2

http://s10581.chomikuj.pl/File.aspx?e=gXVdaa5d1pwduvxek2mECn3gAZnDm_dfo_VX2veUv4LFmx0B0qYtX3NAaWY-ZsKri0sNxHBsrNA1-CaitXVWpQtSlu_kYWEnvf8HN6B_sCpIg_LfoLuRuyuj99TXnYU9r1hW37BrPVGqqkJprQ2CnRoXQcvPfukKyKHEs-0VIpg&pv=2

Scan setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.