setup.exe

Pro Evolution Soccer 3

Konami Computer Entertainment Tokyo, Inc.

The executable setup.exe, “Setup Launcher”, has been detected as malware by 12 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Konami Computer Entertainment Tokyo, Inc.

Product:
Pro Evolution Soccer 3

Description:
Setup Launcher

Version:
1.00.0000

MD5:
8ea659072f4917dc4c338841e520ce2f

SHA-1:
845e4a57bd3eef38819414398bd41499254af5a3

SHA-256:
9500a74909c49766ed51ff3800c912ae5543508ea07d62a06b0ed948a89f9ada

Scanner detections:
12 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 9:39:19 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Sality.AT | 7.11.30.172
avast! | Win32:Kukacka | 160119-0
AVG | Win32/Sality | 2015.0.4489
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.5033.0
Norman | Win32.Sality.3 | 11.01.2016 17:30:26
Sophos | Virus 'Mal/Sality-D' | 5.22
VIPRE Antivirus | Threat.4721115 | 46244

File size:
292 KB (299,008 bytes)

Product version:
1.00.0000

Copyright:
Copyright (C) 2003 InstallShield Software Corp.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\p.e.s\setup.exe

File PE Metadata
Compilation timestamp:
5/1/2003 10:33:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:KCODHx7sqEX0ttCyaQ/URuO5lDA56pXsGKLu8NQu6aE8s7b2VZjKX:WhsX0tIy78IYDk6tmxQu6apGbAM

Entry address:
0x1890C

Entry point:
60, 0F, C9, 57, 0F, BF, C6, 0F, AF, EF, 8D, 1D, 4A, 5C, 8B, 21, 0F, BC, FB, FF, C8, C0, CA, 84, F7, C0, 85, 2D, 78, 11, EB, 0A, 8B, D5, F7, C2, ED, FE, AE, 6B, F6, DF, 81, FE, 23, 4E, 00, 00, 71, 02, FF, CA, E8, 00, 00, 00, 00, 5F, FF, C1, 40, F6, DB, 25, 56, 99, 7E, 50, F6, C6, 26, 8B, C6, 0F, BA, E2, E1, 0F, AF, D2, 15, 38, 40, 87, DA, 81, FB, FE, 56, 00, 00, 80, CC, 6A, 0F, A4, F0, 1E, 25, D3, 5C, 63, 7B, 0F, BC, DD, 69, CD, 30, 54, D0, 6F, F7, C5, 18, 98, 0C, 63, D1, EB, 0F, BD, CE, BA, 73, F0, 9C, 1E...
 

Entropy:
7.0019

Code size:
136 KB (139,264 bytes)
