» setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (67)

setup.exe

Microsoft Setup Bootstrapper

Microsoft Corporation

This is installed with Microsoft Office Professionnel Plus 2013. The file has been seen being downloaded from get.default-page.com and multiple other hosts.

File name:

setup.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Setup Bootstrapper

Version:

15.0.4420.1017

MD5:

2c430c0a60e3b669d37b25b09f4be8ef

SHA-1:

5c6b236160498ccd27bc4195dcdaacd466aa8ec4

SHA-256:

b0a54489d3f4128c7fb11c30d89e18edd65d05e6ef9fca1c0a0818f0ed8ee25f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/25/2024 2:47:10 AM UTC (today)

File size:

209.6 KB (214,664 bytes)

Product version:

15.0.4420.1017

Original file name:

setup.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/26/2012 11:50:41 PM

Valid to:

10/26/2013 11:50:41 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

3300000088590E3C511FE26A67000100000088

File PE Metadata

Compilation timestamp:

9/29/2012 9:47:49 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.10

CTPH (ssdeep):

1536:+EiSTMbZJzgRVNh93u2ZaIFYYYYYYz5npJRaCAd1uhNRd:fiSTKZJz6VNX3ubId5nRt

Entry address:

0x16BC

Entry point:

48, 83, EC, 28, E8, 67, 19, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, 90, 90, 4C, 8B, DC, 49, 89, 5B, 08, 49, 89, 6B, 18, 49, 89, 73, 20, 49, 89, 53, 10, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 40, 4D, 8B, 79, 08, 4D, 8B, 31, 8B, 41, 04, 49, 8B, 79, 38, 4D, 2B, F7, 4D, 8B, E1, 4C, 8B, EA, 48, 8B, E9, A8, 66, 0F, 85, ED, 00, 00, 00, 49, 63, 71, 48, 49, 89, 4B, C8, 4D, 89, 43, D0, 48, 8B, C6, 3B, 37, 0F, 83, 81, 01, 00, 00, 48, 03, C0, 48, 8D, 5C, C7, 0C, 8B, 43, F8, 4C, 3B, F0, 0F, 82, A8, 00, 00... 
[+]

Entropy:

3.2050

Code size:

22 KB (22,528 bytes)

The file setup.exe has been discovered within the following program.

Microsoft Office Professionnel Plus 2013 by Microsoft Corporation

2% remove it

The file setup.exe has been seen being distributed by the following 50 URLs.

http://get.default-page.com/.../Get?p=3022&d=3509&l=1694&n=0&d1=1&clickid=Z1dXVpZD0yZTVkM2I4ZC1iZTJlLTRhNjAtYTdhYS1kNDVmYTFjY2E1OTQ

https://drive.google.com/uc?id=0B1wdts_LD5kPQl9nWmZRaG92SU0&export=download

https://urbansa.sharepoint.com/sites/sistemas/Documentos compartidos/SISTEMAS/Office 2013 Full/.../setup.exe

https://drive.google.com/a/.../uc?id=0B2gWWYcH0P3dMFdVaGhaSU1sTTg&export=download

https://doc-08-2c-docs.googleusercontent.com/docs/securesc/hpbr7mb0be7ekdgiherisogqfb95od8m/1n76t237bspsuqer328365angmp2325m/1471341600000/09546857595311281174/.../0B7A2mU2N_Zg7bFVjV1QzNlNibmM?e=download

http://mafreebox.freebox.fr/api/v3/.../L0Rpc3F1ZSBkdXIvVmlkw6lvcy9GSUxNIFVTL1t3d3cuQ3Bhc2JpZW4ucGVdIE1pY3Jvc29mdCBPZmZpY2UgUHJvZmVzc2lvbmFsIFBsdXMgMjAxMyBWTCBFZGl0aW9uIHg4NiB4NjQgRlIvT2ZmaWNlIDIwMTMgNjQgYml0L3NldHVwLmV4ZQ==?inline=0

ftp://ftp.ptcl.net.pk/Helpdesk-Software/Office 2013/.../setup.exe

https://docs.google.com/uc?authuser=0&id=0B02bnNlOf0eRMDdvQTU4amRnak0&export=download

https://dl-web.dropbox.com/get/Microsoft Office 2013 PT-BR X64 crack - By baixetorrents.com/.../setup.exe

https://dl-web.dropbox.com/get/.../setup.exe

http://isjcyt345.blob.core.windows.net/.../Setup.exe

https://onedrive.live.com/download.aspx?cid=DC95528CB842BBB4&resid=DC95528CB842BBB4!22123&canary=gWSnjVjfeXmrpgvU8buov1h0iBPW23spyHKdHxDuuNU=7&ithint=.exe

https://dl-web.dropbox.com/get/office/.../setup.exe

https://doc-0k-7g-docs.googleusercontent.com/docs/securesc/lhqng165tpqc8i513ifeslt3r8pt38k1/tm5c1q1umchfp9d2756ss3m5t0km52eu/1471212000000/04496183364288435106/.../0B0BvH_bONHRRczFsdjc1RVI1RTQ?h=11621357047821417406&e=download

https://mega.nz/temporary/.../fpoWSJbB

https://doc-0k-4o-docs.googleusercontent.com/docs/securesc/s8gh5llq27q8enh6lhfligk58ubivmkr/m471luok9nsf1f93cjmocugimvp7c6cu/1461909600000/14406431484346773194/.../0B1phWeZP1ybHS1NZTTFmUUo5WGs?e=download

https://doc-0o-4c-docs.googleusercontent.com/docs/securesc/uflvr201vnuough854nhsu1s3oji6f9u/dukd1a1shukncdhrqt1um78fifi9befb/1480953600000/05335219783966937406/.../0B6nOt09eZprXTC1PZnhnRGlyYXc?e=download

http://www.fraps.com/.../setup.exe

https://doc-0c-0g-docs.googleusercontent.com/docs/securesc/3udv97l268is62fjpcp4as49ovbli9ak/l633gqqauj9bq6je2lb1l7ifp91cnsbg/1477800000000/03244330997088356497/.../0B720i29KLUySVENIMERoSi1Yamc?e=download

http://192.168.1.131/api/1.0/rest/file_contents/Eligio/PROGRAMAS Y MANUALES/OFICCE/.../setup.exe

http://s7372.chomikuj.pl/File.aspx?e=wmYz5hYh8SpnOU2jyEBU404VZa8S0TzDPCJvalhrcG-L84GL8u34qH7jxx5m_5JGb9NpZaKM9QyOfL_PVmf5-Laf4pZZR-_TToavVCP34D5DEgrbtaMw7RTMJ9CAy-3ZCqagaqkLfzuuMkYKG0jmdA&pv=2

https://doc-10-ao-docs.googleusercontent.com/docs/securesc/hkb8mhlkoruur77lhsgatoqhtdoh0e2d/lrlqskmk93t14bblp5buckv5u8a1i7rd/1476237600000/.../01082831391922103858/0BwEZjh4kZ8GnVlBKTlZvVnIxbTQ?e=download

https://doc-0k-0c-docs.googleusercontent.com/docs/securesc/4s1fto1a40hq0i3i9vsg8c3l41lieho6/huqaua90qd11mvbepldueqoaremah7du/1469966400000/13130229247068772785/.../0B7LdnlnvVpReSm82VkJXeEpqdGs?e=download

https://doc-0s-78-docs.googleusercontent.com/docs/securesc/ejmg09llrg842vv5flo38nmo5nd818nl/na440tc66tfiupatn50uhmffd72rh4bh/1473739200000/.../14933043758371604104/0B0B9PiV6QXvWYm5oRGwwb05CWmM?e=download

ftp://201.238.217.50/NIEVES/Office 2013 Actualizado Mayo 2013/.../setup.exe

http://get1.fdg345.org/.../1432477787/1432477787?96493254595Xl9wLS49azktLjIuIGA0LzIxLCwdZzQrMjAxJGk5LB1eY2NfYmZiOC00LzMtLS8vLTYsMC4pLy4xMy02JGRfamU4KCB2YG07Kw

https://drive.google.com/uc?id=0B6uFJ-OE5ua8cFBDckZxNndCMFE&export=download

https://doc-10-18-docs.googleusercontent.com/docs/securesc/uig083qn5gmlo457ksdnhh38bbhqsqlk/7ho2jat8g54lm62b9hg0kc72i4j22f58/1441648800000/.../09148658618477372073/0B6GHOfwXiKRiUnhxOE9JanpDem8?e=download

https://drive.google.com/uc?id=0BxCdhbVowGz7VlpWT2xrbkUzUHc&export=download

http://mbttd.com/engine/.../cyc3VwcGx5X3BsYXRmb3JtX2FjY291bnRfaWQ9NDA1JnN1cHBseV9wbGF0Zm9ybV9pZD00NzUmbGluZV9pdGVtX2lkPTcyMjQ?ext_click_id=w_5mp8xsmQwV8qUf_ISCOvWyz2FbKEgP1io_c_ZtZFCcxkdPWWuJLTbYymmfUJGUBe-NdlYNxdybTm0MG3u6589GSx4s6ud5vvZJ73CMhfxueFSDkE9wYXtsfsjNHd8_BTShUUo4Ca8v8E22W_Kf486B4TdNLfk9161p4AgnFss2qnjeCKDyxLkvVyqY4royVAiE2UqecL5hNoJRrW2PhFXyoK-orpVeiZxsIenOaYGwVs9AUJzyBM4vqSQ_xe8Ui5lwH7mAAw-qZ2hRq0NACyLY1vesWB2P3IRouvJ84gnI98LxWS2rT1pipiUOTaVIzBaTmJNoGyVLCISfaLYsSJFxXHGE8XGL-jP9t8bsUe58oDHb-Dz3V9ISssBdmi6t7YSxP9w-hQT1IvI

Latest 30 of 67 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.