setup.exe

PORTO EDITORA, LDA

The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is set to execute automatically when any user logs into Windows, through a Run registry entry named ‘PelSetupRun’.

Publisher:
PORTO EDITORA, LDA (signed and verified)

MD5:
8b2a36b6afba71fe63d7245f8db3128c

SHA-1:
90e88d2ab9e5ea76082d9f8cab85e1716e895d50

SHA-256:
5b972bd87ce2e2c40673f132f9d2ef86a9b8e71c467818188021513374f69f5b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
7/13/2025 9:23:26 AM UTC

File size:
17.8 MB (18,701,544 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature

Authority:
GoDaddy.com, Inc.

Valid from:
7/26/2011 4:16:45 PM

Valid to:
7/26/2013 4:09:15 PM

Subject:
CN="PORTO EDITORA, LDA", OU=DPS, O="PORTO EDITORA, LDA", L=Porto, S=Porto, C=PT

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B18F082AC6589

File PE Metadata

Compilation timestamp:
2/21/2009 7:46:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:4HH1U3xLEPHxfjZIAVQ1r1DYdX+OO9GttrD8NGlGDsVD:4HH1eQdZIO6a+L0ttf8NFOD

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 05, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Startup File (All Users Run)

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PelSetupRun

Command:
C:\setup.exe