» Setup.exe
Overview
Analysis
File Details
Behaviors (1)

Setup.exe

Tarma Installer

Tarma Software Research Pty Ltd

This is the uninstaller utility registered in the Windows Control Panel for the program Quik Series Framing 11.572 by Tanmari Pty Ltd.

File name:

Setup.exe

Publisher:

Tarma Software Research Pty Ltd (signed and verified)

Product:

Tarma® Installer

Version:

2010.01.09.1115U

MD5:

6c735a3c743e995ea933c05c551c0b66

SHA-1:

769c854ff9dd8b11a721046fdf7e2c8ae49c4bae

SHA-256:

a553955fbd12eecd86620d061eac036e59ace6b8f80e3d23f4eef4fdfd95e66e

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 9:17:15 PM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/Adware.B.gen

v6.4.7.1.166

Prevx

High Risk Cloaked Malware

3.0

File size:

278.5 KB (285,184 bytes)

Product version:

5.7.3662

Trademarks:

Tarma® is a registered trademark of Tarma Software Research Pty Ltd

Original file name:

Setup.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\ProgramData\tarma installer\{b9e573f6-ae1a-4361-910f-6bec7c1ef6ce}\setup.exe

Digital Signature

Signed by:

Tarma Software Research Pty Ltd

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

8/5/2009 8:00:00 AM

Valid to:

8/7/2010 7:59:59 AM

Subject:

CN=Tarma Software Research Pty Ltd, OU=DEVELOPMENT, O=Tarma Software Research Pty Ltd, L=Melbourne, S=Victoria, C=AU

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

19F9CC3CA4240408AFB5578FAA4913F1

File PE Metadata

Compilation timestamp:

1/9/2010 8:50:06 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:jRALE9f1AAypz2mSEpcgLWv+F8eLdkhzaXXGKLUPOO8U80d49b07VkwQjIq4dD+M:Wo9f1AdCp8tBLdsaHF9Vwt7V4l4d+/E

Entry address:

0x20FD0

Entry point:

48, 83, EC, 28, 33, C9, E8, E5, 7A, 00, 00, 44, 8B, D8, 4C, 89, 1D, 63, 8C, 01, 00, E8, 12, FF, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 40, 48, 85, D2, 49, 8B, D8, 48, 8B, FA, 74, 03, 83, 22, 00, 48, 85, DB, 74, 04, 41, 83, 20, 00, 45, 33, C9, 48, 8D, 44, 24, 30, 41, B8, 00, 10, 00, 00, 41, 8D, 71, 02, 48, 89, 44, 24, 20, 8B, D6, E8, C8, 94, 00, 00, 85, C0, 74, 0C, 48, 85, DB, 74, 02, 89, 03, 83, C8, FF, EB, 53, 48, 8B, 44, 24, 30, 81, 78, 10, 74, 69, 7A, 32, 74, 34, 81, 78... 
[+]

Entropy:

6.1414

Code size:

186.5 KB (190,976 bytes)

Program Uninstaller

Program name:

Quik Series Framing 11.572

Display publisher:

Tanmari Pty Ltd

Display version:

11.572

Uninstall string:

C:\PROGRA~3\TARMAI~1\{B9E57~1\Setup.exe /remove /q0

Scan Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.