Setup.exe

ManyCam Virtual Webcam

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file Setup.exe, “ManyCam Installer” by Visicom Media, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This downloadable file is typically blocked through Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts. While running, it connects to the Internet address server-54-192-227-236.gig50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyCam Virtual Webcam

Description:
ManyCam Installer

Version:
1.0.4.2

MD5:
f5f46bbd587843f3f3142606f4f4b616

SHA-1:
94060a5aa33b76657a55200f27f355f24f38f9a3

SHA-256:
9b28adfc10d34b81d29e969580d02e7f20598972b886b761566e8f5f18f87fd8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 3:53:09 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
15.12.5.21

File size:
289 KB (295,960 bytes)

Product version:
1.0.4.2

Copyright:
© 2006-2015 Visicom Media Inc.

Trademarks:
© 2006-2015 Visicom Media Inc, All Rights Reserved

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/8/2015 7:00:00 PM

Valid to:
2/8/2017 6:59:59 PM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
2/2/2015 4:28:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Ly3G8+2+JnCjg2m7BRhtOWUa7TfcNuSLXNR636vhX:LyQOgt7o0SruShX

Entry address:
0x6C46

Entry point:
E8, 62, 39, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 09, 00, 00, 3B, 0D, 10, E1, 42, 00, 75, 02, F3, C3, E9, 48, 14, 00, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 23, 2F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 6C, E9, 42, 00, 74, 11, A1, 2C, EA, 42, 00, 85, 42, 70, 75, 07, E8, 61, 42, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 70, E1, 42, 00, 74, 15, 8B, 4E, 08, A1, 2C, EA, 42, 00, 85, 41, 70, 75, 08, E8, C4, 45, 00, 00, 89, 46, 04, 8B...
 

Entropy:
5.8625

Code size:
127 KB (130,048 bytes)

The file Setup.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 233 download URLs

The executing file has been seen to make the following network communications in live environments.

