setup.exe

Tarma Installer

Tarma Software Research Pty Ltd

The executable setup.exe, “TIN Setup - Professional”, has been detected as malware by 16 anti-virus scanners. It is a self-extracting archive and installer, and has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program Autodesk Express Viewer by Autodesk, Inc.
Publisher:
Tarma Software Research (signed by Tarma Software Research Pty Ltd)

Product:
Tarma Installer

Description:
TIN Setup - Professional

Version:
2003.01.10.1509

MD5:
2dfbb93a455d70eeb9d6eba1fa214709

SHA-1:
4b9b8d4e85aaac790403d16d7690afc2cda3a6f4

SHA-256:
d7692d17c2d1e5496dd047f5231d76233a5a9773f53a204a86f6f36834f6100a

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
5/31/2024 11:33:16 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Mabezat [Wrm] | 160414-2
AVG | Worm/Mabezat.A.dropper | 2015.0.4604
Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 11.5.0.6191
ESET NOD32 | Win32/Mabezat.A virus | 8.0.319.0
F-Prot | W32/Mabezat.A-1 | 4.6.5.141
F-Secure | Win32.Worm.Mabezat.Gen | 5.15.96
Kaspersky | Worm.Win32.Mabezat | 15.0.0.562
Microsoft Security Essentials | Threat.Undefined | 1.225.2018.0
Norman | Win32.Worm.Mabezat.Gen | 28.05.2016 13:03:37

File size:
223.3 KB (228,623 bytes)

Product version:
2.36.1106

Copyright:
Copyright © 1996-2003 Tarma Software Research.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\autodesk\autodesk express viewer\setup.exe

Digital Signature
Authority:
Thawte Consulting cc

Valid from:
7/10/2002 5:47:01 AM

Valid to:
7/10/2003 5:47:01 AM

Subject:
CN=Tarma Software Research Pty Ltd, OU=Secure Application Development, O=Tarma Software Research Pty Ltd, L=Carlton, S=Victoria, C=AU

Issuer:
E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA

Serial number:
09542A

File PE Metadata
Compilation timestamp:
1/10/2003 5:12:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:pUqHGbuGvBzXKdFyUV/0CKTUtWyveUJtpJYqg:dwb94ye/0CKTYJtpJZg

Entry address:
0x24AA0

Entry point:
BB, 98, 43, 42, 00, FF, E3, 00, 00, A0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
Code size:
56 KB (57,344 bytes)

Program Uninstaller
Program name:
Autodesk Express Viewer

Display publisher:
Autodesk, Inc.

Display version:
3.1

Uninstall string:
C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe /remove
