setup.exe

The application setup.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This program installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been observed being downloaded from d24p1vpeyzkq4h.cloudfront.net.
MD5:
a977481baa3eee4437ca23b4609c5633

SHA-1:
3d26bb7418c571609a41d7d90afc2872b00125d6

SHA-256:
4b1ba8285787bf62c2bea06b6ab1de853218513db4c1343cd78fb464899ca30f

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 11:52:38 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.60 | 5703016
Arcabit | Trojan.Application.Bundler.60 | 1.0.0.629
avast! | Win32:Evo-gen [Susp] | 151210-0
AVG | DiCrypt | 2016.0.2899
Baidu Antivirus | PUA.Win32.DealPly | 4.0.3.151210
Bitdefender | Gen:Variant.Application.Bundler.60 | 1.0.20.1720
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.60 | 15.12.10
ESET NOD32 | Win32/DealPly.BX potentially unwanted application | 7.0.302.0
F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.15.21
G Data | Gen:Variant.Application.Bundler.60 | 15.12.25
IKARUS anti.virus | PUA.DealPly | t3scan.1.9.5.0
MicroWorld eScan | Gen:Variant.Application.Bundler.60 | 16.0.0.1032
Norman | Gen:Variant.Application.Bundler.60 | 10.12.2015 09:05:08
Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1077

File size:
875 KB (896,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:chyl2BLQyhFZWZY1hFZWZYAhFZWahFZWr2ShFZWZY2hFZWZYsSo:syl6LQyYZWYZjYaYr2SYZBYZPSo

Entry address:
0xD4E14

Entry point:
55, 8B, EC, 83, C4, F0, B8, AC, 4D, 4D, 00, E8, BC, F5, F2, FF, E8, C3, D8, F2, FF, 3D, C1, 00, 00, 00, 0F, 85, D8, 00, 00, 00, 00, 2E, 79, 05, 70, B5, 7C, 00, 57, 66, 0C, 00, 67, B3, 7C, 00, 1E, 5F, 0D, 00, A7, 49, 7E, 00, 49, 98, 91, 00, 61, 47, 00, 00, 79, 78, 0C, 00, 00, 2E, 79, 05, 70, B5, 7C, 00, 57, 66, 0C, 00, 67, B3, 7C, 00, 1E, 5F, 0D, 00, A7, 49, 7E, 00, 22, B5, 7C, 00, 61, 47, 00, 00, 79, 78, 0C, 00, 00, 2E, 79, 05, 49, 98, 91, 00, 57, 66, 0C, 00, 67, B3, 7C, 00, 49, 98, 91, 00, A7, 49, 7E, 00...
 

Entropy:
4.4355

Developed / compiled with:
Microsoft Visual C++

Code size:
848 KB (868,352 bytes)

The file setup.exe has been seen being distributed by the following URL.
