setup.exe

The executable setup.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘TimeNotifyer’. The file has been seen being downloaded from youtube.com.
MD5:
cee30a49a4c7f81c0227fdb7d89988d3

SHA-1:
61497a9779052f4ef37e1bf06a7b8b0ac601b5fd

SHA-256:
f3e4825ef7b3d8fa6efcadcc4babd25026d1cde08dd8b397ae841f4dfd2a05c2

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/19/2024 8:48:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.22.15

File size:
1 MB (1,066,932 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
6/28/2015 9:28:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:BSjx5q10I0XIsH9PxaiEMHsOsnpzVaUT4iuoJtfe2L:BMVIQxIoupzQVxoJQ2L

Entry address:
0x20A2

Entry point:
55, 8B, EC, 6A, 00, 68, 50, 3A, 40, 00, 68, E2, 22, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 30, 33, 40, 00, 59, 83, 0D, 8C, 5C, 40, 00, FF, 83, 0D, 90, 5C, 40, 00, FF, FF, 15, 70, 33, 40, 00, 8B, 0D, 80, 5C, 40, 00, 89, 08, FF, 15, 44, 33, 40, 00, 8B, 0D, 7C, 5C, 40, 00, 89, 08, A1, 48, 33, 40, 00, 8B, 00, A3, 88, 5C, 40, 00, E8, CE, 01, 00, 00, 39, 90, A0, 5B, 40, 00, 75, 0C, 68, DE, 22, 40, 00, 90, 15...
 

Entropy:
7.9682

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TimeNotifyer

Command:
C:\users\{user}\downloads\setup.exe


The file setup.exe has been seen being distributed by the following URL.
