Setup.exe

InstallShield

Macrovision Corporation

The program is a setup application that uses the InstallShield Setup installer. It runs as a scheduled task under the Windows Task Scheduler. This is the uninstaller utility registered in the Windows Control Panel for the program Integrated Camera Driver Installer Package Ver.1.1.0.1147 by RICOH. The file has been seen being downloaded from riddle442.blob.core.windows.net and multiple other hosts.
Publisher:
Macrovision Corporation

Product:
InstallShield

Description:
Setup.exe

Version:
14.0.162

MD5:
6f58a1d8e7b031c6f2a60ba04d1a0b7d

SHA-1:
64ced7781de492d15f0d443faffd2d0244b43e56

SHA-256:
b7a82904d92b096cb6ab537365f9c7f24b1ecefaa6ea7974c24e8102b1746f4b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 8:20:34 AM UTC

File size:
364 KB (372,736 bytes)

Product version:
14.0

Copyright:
Copyright (C) 2007 Macrovision Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\windows\temp\temp\utility\setup.exe

File PE Metadata
Compilation timestamp:
4/19/2007 8:08:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:DWWcGK4EDyGaLquWkVAJvRmiaPd+avl+LwedJ:DWvy2gq7TFDwe3

Entry address:
0x22094

Entry point:
55, 8B, EC, 6A, FF, 68, F0, A2, 44, 00, 68, 48, 50, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 40, 91, 44, 00, 33, D2, 8A, D4, 89, 15, 70, 8D, 45, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 6C, 8D, 45, 00, C1, E1, 08, 03, CA, 89, 0D, 68, 8D, 45, 00, C1, E8, 10, A3, 64, 8D, 45, 00, 6A, 01, E8, DC, 1C, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, A8, 11, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
6.3274

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
288 KB (294,912 bytes)

1253 Program Uninstaller
Program name:
Integrated Camera Driver Installer Package Ver.1.1.0.1147

Display publisher:
RICOH

Display version:
1.1.0.1147

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{B2CA6F37-1602-4823-81B5-0384B6888AA6}\setup.exe" -runfromtemp -l0x0009 anything -removeonly

Program name:
PCLinq3

Display publisher:
Prolific Technology Inc.

Display version:
3.1.0.3

Uninstall string:
"C:\Program Files\InstallShield Installation Information\{BD77C684-DF3C-4237-A9F9-FA90ED58CA3F}\setup.exe" -runfromtemp -l0x0009 -removeonly

Program name:
QSS Installation Program

Display publisher:
TP-LINK

Display version:
7.0

Uninstall string:
"C:\Program Files\InstallShield Installation Information\{153898EE-EECA-471E-8E33-C8485EA84C07}\setup.exe" -runfromtemp -l0x0009 -removeonly

Program name:
Acer ePower Management

Display publisher:
Acer Incorporated

Display version:
4.05.3004

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x407 -removeonly

Program name:
CityNavigator. 7.0

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{33DC5028-1E4B-4AAF-945C-0A48E2967682}\SETUP.EXE" -runfromtemp -l0x0007 -removeonly

Program name:
Europa Routenplaner 2008

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{7ACF8131-9EA4-4735-828D-3791256221B5}\setup.exe" -runfromtemp -l0x0007 -removeonly


Scheduled Task
Task name:
{2DAD3B09-E6F5-4CBD-BAB3-F911E6DD8E6F}

Trigger:
Registration (Runs on registration)


2 Startup Files (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
InstallShieldSetup

Command:
C:\Program Files2\instal~1\{eba29~1\setup.exe -rebootC:\Program Files2\instal~1\{eba29~1\reboot.ini -l0x0009

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
InstallShieldSetup1

Command:
C:\Program Files1\instal~1\{38a1e~1\setup.exe -rebootC:\Program Files1\instal~1\{38a1e~1\reboot.ini


The file Setup.exe has been discovered within the following programs.

Publisher's description - “Mobile Forensic Examiner PLUS® is AccessData’s market leading stand-alone mobile forensics software solution that delivers an intuitive interface, data visualization and smart device support in a single forensic interface.”
www.accessdata.com/products/digital-forensics/mobile-phone-examiner
About 1% of users remove it
www.dawnofwargame.com/homepage.php
About 1% of users remove it
IDT Audio  by IDT
This program contains the driver that enables the IDT High-Definition (HD) Audio in supported notebook models that are running a supported operating system.
www.idt.com
9% remove it
Imposa Software  by QSTECH
About 6% of users remove it
Join Air  by ZTE Corporation
Join Air is the control manager software for ZTE modems and is typically unbranded and can be used with any mobile network carrier.
www.zte.com.cn
About 4% of users remove it
Firefox 12 was released on April 24, 2012. Firefox 12 introduced few new features, but it made many changes and laid the groundwork for future releases. Firefox 12 for Windows added the Mozilla Maintenance Service, which can update Firefox to a newer version without a UAC prompt.
www.mozilla.org/firefox
10% remove it
NVIDIA StereoUSB Driver  by NVIDIA Corporation
www.NVIDIA.com
3% remove it
Visual Presenter V2 Customer  by Lumens Digital Optics Inc.
www.Lumens.com.tw
About 3% of users remove it
Walk-and-Talk  by PolyVision
About 1% of users remove it
 

The file Setup.exe has been seen being distributed by the following 7 URLs.

http://riddle442.blob.core.windows.net/.../Setup.exe

http://srvqad:8080/qadhome/.../setup.exe

http://qad2015ee:20001/qadhome/.../setup.exe

temp:setup.exe
