Setup.exe

ATTO Windows HBA Driver Installer

ATTO Technology, Inc.

The executable Setup.exe has been detected as malware by 9 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
ATTO Technology, Inc.  (signed and verified)

Product:
ATTO Windows HBA Driver Installer

Version:
2, 6, 0, 0

MD5:
bb81cd44538d613000a18d76cdf7e031

SHA-1:
af676d369596e4bd1bbefa772416d7b81eee5b7b

SHA-256:
0d9e7d4576853d7f1207a477ea83fe61d1416f7d24ab3204e58ac120c5b2682a

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/19/2024 6:59:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Patched-HO [Trj] | 160119-0 |
| AVG | Win32/Slugin.A | 2015.0.4477 |
| Clam AntiVirus | Trojan.Spy-59563 | 0.98/21310 |
| Dr.Web | Trojan.MulDrop3.48024 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.SlugIn.A.Dam | 10.0.0.5366 |
| F-Prot | W32/Slugin.A.gen!Eldorado (generic, damaged, not disinfectable) | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.4543.0 |
| Norman | Win32.SlugIn.A.Dam | 11.01.2016 17:30:26 |
| VIPRE Antivirus | Threat.4314869 | 46794 |

File size:
538.5 KB (551,427 bytes)

Product version:
2, 6, 0, 0

Copyright:
Copyright © 2003-2008 ATTO Technology Inc.

Original file name:
Setup.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/8/2007 7:00:00 AM

Valid to:
1/28/2009 6:59:59 AM

Subject:
CN="ATTO Technology, Inc.", OU=Headquarters, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="ATTO Technology, Inc.", L=Amherst, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
41F28B2F5D80B098DDF43B43F2938427

File PE Metadata
Compilation timestamp:
8/19/2008 1:16:29 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:rY6u3+pSwycXLxCY4D5V9tKSdDQjQoEHBVfhgjos/4zkZ:CKxktntKSdMlj4kZ

Entry address:
0x2D280

Entry point:
48, 83, EC, 28, E8, CB, 78, 00, 00, 48, 83, C4, 28, E9, 12, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 57, 48, 83, EC, 60, 48, 8B, FA, 48, 8B, D9, 48, 8D, 4C, 24, 20, 48, 8D, 15, 10, D5, 01, 00, 41, B8, 40, 00, 00, 00, E8, E5, 0E, 00, 00, 48, 8D, 54, 24, 70, 48, 8B, CF, 48, 89, 5C, 24, 48, 48, 89, 7C, 24, 50, E8, 02, 09, 01, 00, 4C, 8B, D8, 48, 89, 44, 24, 70, 48, 89, 44, 24, 58, 48, 85, FF, 74, 1E, F6, 07, 08, B9, 00, 40, 99, 01, 74, 06, 89, 4C, 24, 40, EB, 0E, 8B, 44, 24, 40, 4D, 85, DB, 0F, 44, C1, 89, 44...
 

Code size:
257.5 KB (263,680 bytes)
