setup.exe

The executable setup.exe has been detected as malware by 21 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is the uninstaller utility registered in the Windows Control Panel for the program Brothers In Arms by Ubisoft. According to AVG, this software downloads additional adware offers during setup.
MD5:
929967e6e7434c3d1516f4efa0a3623b

SHA-1:
6b6854253e3f612530fba47cfbfb6799f79c7896

SHA-256:
2e99f0a4ee70c49edba87d93f31e040e70054f20c64d391bc8db94227a4cceff

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/26/2024 9:52:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.DL.Delf | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Delf.aaez | 7.11.179.140 |
| avast! | Win32:Malware-gen | 2014.9-141123 |
| AVG | Downloader.Generic11 | 2015.0.3282 |
| Baidu Antivirus | Trojan.Win32.Dynamer | 4.0.3.141123 |
| Bkav FE | W32.Clode3e.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Delf-1281 | 0.98/21411 |
| Dr.Web | Trojan.DownLoad2.42021 | 9.0.1.0327 |
| Fortinet FortiGate | W32/Delf.AAEZ!tr.dldr | 11/23/2014 |
| G Data | Win32.Trojan.Agent.82KQJ3 | 14.11.24 |
| IKARUS anti.virus | Trojan.Win32.Dynamer | t3scan.1.7.8.0 |
| McAfee | Artemis!929967E6E743 | 5600.6938 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!dtc | 1.11005 |
| NANO AntiVirus | Trojan.Win32.Delf.rcjkb | 0.28.2.62671 |
| Norman | Suspicious_Gen2.LAOTC | 11.20141123 |
| Qihoo 360 Security | Win32/Trojan.Downloader.0f1 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.127C5184!310137220 | 23.00.65.141121 |
| Sophos | Mal/Generic-L | 4.98 |
| Vba32 AntiVirus | TrojanDownloader.Delf | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34062 |
| Zillya! Antivirus | Downloader.Delf.Win32.17509 | 2.0.0.1959 |

File size:
544 KB (557,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ubisoft\gearbox software\brothersinarms\system\setup.exe

File PE Metadata
Compilation timestamp:
3/15/2005 7:28:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:t37ILRFJFuifAwEqAto67dBKr6nnwfE9TBCffRp4D/4:t3uoth4r6n8E9TYfL4

Entry address:
0x3351F

Entry point:
6A, 74, 68, A8, C7, 44, 10, E8, C9, 03, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, 10, 44, 48, 10, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, D8, 44, 48, 10, 59, 83, 0D, 6C, 28, 48, 10, FF, 83...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
248 KB (253,952 bytes)

Program Uninstaller
Program name:
Brothers In Arms

Display publisher:
Ubisoft

Uninstall string:
C:\Program Files (x86)\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms"

