» setup.exe
Overview
Analysis
File Details

setup.exe

The application setup.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source.

File name:

setup.exe

MD5:

f8f7258239dfa4c4fc4b356a04ab3a59

SHA-1:

75e87f9360c89a60936d7b5d3eaf21abc9783fdd

SHA-256:

a07346c2eb4649d9c6519a885bb688d5c1a0e61175bcc71fad5f20d33d3f9f55

Scanner detections:

14 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 8:25:11 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.PullUpdate

7.1.1

Avira AntiVirus

ADWARE/Adware.Gen7

8.3.1.6

AVG

Adware Generic_r.YY

2014.0.4311

Comodo Security

ApplicUnwnt

22221

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

multiple threats

7.0.302.0

K7 AntiVirus

Adware

13.204.16007

Malwarebytes

PUP.Optional.WebShield.A

v2015.05.23.11

McAfee

Artemis!E8A6A089970F

5600.6757

NANO AntiVirus

Riskware.Win32.Yontoo.dqmtwk

0.30.24.1636

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Sophos

Generic PUA NP

4.98

Trend Micro House Call

Suspici.D63490C9

7.2.143

Vba32 AntiVirus

AdWare.MSIL.PullUpdate

3.12.26.4

File size:

4.3 MB (4,469,308 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

File PE Metadata

Compilation timestamp:

6/6/2009 11:41:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:HY3Ukb8yQkGlSGsR4Kyiuz9zry8CPD+/dD6xbyQtU1iRQY40a8NSMwEKlP7RpcHB:Hb/zsRs9i8b30SrEiP7Rw5h6B/k

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.