» setup.exe
Overview
Analysis
File Details
Behaviors (1)

setup.exe

Tarma Installer

Tarma Software Research Pty Ltd

The executable setup.exe, “TIN Setup - Professional” has been detected as malware by 9 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Autodesk DWF Viewer by Autodesk, Inc..

File name:

setup.exe

Publisher:

Tarma Software Research (signed by Tarma Software Research Pty Ltd)

Product:

Tarma Installer

Description:

TIN Setup - Professional

Version:

2003.10.01.1655A

MD5:

40b312474a4851c8063d18a91bc2e7c0

SHA-1:

5e06e592abbbccf72a7cb552f52823ad4d3a781a

SHA-256:

6553111ac47779c82c0d562b8490f661b18b0f0f149be15ec199175aaa88ab75

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

7/3/2025 5:23:53 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Agent-BARL [Trj]

160518-2

AVG

Win32/Chir.I@mm

2015.0.4568

Dr.Web

Detection.Undefined

9.0.1.05190

Emsisoft Anti-Malware

Win32.Worm.Nimda.O

9.0.0.4157

F-Prot

W32/Thecid.A!Generic

4.6.5.141

F-Secure

Win32.Worm.Nimda.O

5.15.96

Kaspersky

Email-Worm.Win32.Runouce

15.0.0.562

McAfee

Virus.W32/Chir.gen!remnants

18.0.204.0

Norman

Win32.Worm.Nimda.O

19.05.2016 05:17:13

File size:

91.4 KB (93,644 bytes)

Product version:

2.65.1370

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\autodesk\autodesk dwf viewer\setup.exe

Digital Signature

Signed by:

Tarma Software Research Pty Ltd

Authority:

Thawte Consulting cc

Valid from:

6/19/2003 1:06:31 PM

Valid to:

7/9/2004 5:47:01 AM

Subject:

CN=Tarma Software Research Pty Ltd, OU=Secure Application Development, O=Tarma Software Research Pty Ltd, L=Carlton, S=Victoria, C=AU

Issuer:

E=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, S=Western Cape, C=ZA

Serial number:

3D0E59

File PE Metadata

Compilation timestamp:

9/30/2003 11:55:47 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:5UfVQEchLg+hHS/HkDMFzfecpwSF6V18iNFTIYo+cRN4IB0ssKldpPssKldp9ss0:59RgMHjD4rjGSEH84VIYovjP/l6l8l

Entry address:

0x266B0

Entry point:

60, BE, 00, 80, 41, 00, 8D, BE, 00, 90, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Entropy:

7.4744

Packer / compiler:

UPX 2.90LZMA

Code size:

60 KB (61,440 bytes)

Program Uninstaller

Program name:

Autodesk DWF Viewer

Display publisher:

Autodesk, Inc.

Display version:

4.1

Uninstall string:

C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.