home

setup.exe

DeltaCad Setup Program

Midnight Software, Inc.

This is a setup and installation application. The file has been seen being downloaded from downloads.updatersoft.com and multiple other hosts a known adware distribution point operated by Air Software.
Publisher:
Midnight Software, Inc.  (signed and verified)

Product:
DeltaCad Setup Program

Version:
8.0

MD5:
60d9b850d9581ec2bd7bc6dc90a4509d

SHA-1:
6ecddbe134f7911dd267bac3b537688ddc6cb791

SHA-256:
f5a3d01f1f1a51de4da1e8461e2145ec6bdc891f7a09f283209f145f70a404c7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 8:12:23 PM UTC  (today)

File size:
11.2 MB (11,794,096 bytes)

Product version:
8.0

Copyright:
Copyright © 1995-2014 by Midnight Software, Inc.

Trademarks:
DeltaCad® is a trademark of Midnight Software, Inc.

Original file name:
SETUP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Midnight Software, Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
11/22/2012 2:47:18 AM

Valid to:
1/1/2016 1:37:47 AM

Subject:
CN="Midnight Software, Inc.", O="Midnight Software, Inc.", L=seattle, S=WA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B1B4FB8DE2BBA

File PE Metadata
Compilation timestamp:
3/29/2014 2:08:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:93f8IMf8s+Zc6IKTPIRCKT5nutjvnmfEUNQTVm1LAoQAs09II8fsZ80knD6ZJUM4:2yc6n7c7poI/L97JGnBMG

Entry address:
0x871B

Entry point:
E8, 36, 25, 00, 00, E9, 16, FE, FF, FF, FF, 74, 24, 04, FF, 15, 3C, 51, 41, 00, 85, C0, 75, 08, FF, 15, 34, 51, 41, 00, EB, 02, 33, C0, 85, C0, 74, 0B, 50, E8, 04, 26, 00, 00, 59, 83, C8, FF, C3, 33, C0, C3, CC, 57, 8B, 7C, 24, 08, EB, 6E, 8D, A4, 24, 00, 00, 00, 00, 8B, FF, 8B, 4C, 24, 04, 57, F7, C1, 03, 00, 00, 00, 74, 13, 8A, 01, 83, C1, 01, 84, C0, 74, 3D, F7, C1, 03, 00, 00, 00, 75, EF, 8B, FF, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC...
 
[+]

Entropy:
7.9891  (probably packed)

Code size:
80 KB (81,920 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

http://downloads.updatersoft.com/get/click/.../?uid=1795--1363--1391458542.5043--604737c60b&sid=FX_1363&filename=Setup

http://download-instantly.com/isn/js/http://cdn04.foxitsoftware.com/pub/foxit/reader/desktop/win/6.x/6.0/.../FoxitReader605.0618_enu_Setup.exe

Scan setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.