home

setup.exe

InstallShield

Acresso Software Inc.

The program is a setup application that uses the InstallShield Setup installer. This is the uninstaller utility registered in the Windows Control Panel for the program TOSHIBA Sync Utility by TOSHIBA Corporation. The file has been seen being downloaded from www.sobolsoft.com.
Publisher:
Acresso Software Inc.

Product:
InstallShield

Description:
InstallScript Setup Launcher

Version:
16.0.400

MD5:
753d1e74d8959ce3da2cd4899a6e7a8f

SHA-1:
b6a3dc084b14fb1c4eb346f8216d27b32b6f8bda

SHA-256:
552bee0c0d9af1399022451accd3fd527fe865428658482196ecf45432f7a235

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 4:14:18 PM UTC  (today)

File size:
784 KB (802,816 bytes)

Product version:
16.0

Copyright:
Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

File PE Metadata
Compilation timestamp:
9/22/2009 12:59:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:hU9j8D8F3GLLE2tyjn+n7iH1i/5WhYz/KmsYuNpkKHX2aAzlNjYPDdOTBCGvVpRS:hKj84VGLHik/Lz/BXuALlNcLdIF3qWh8

Entry address:
0x3D484

Entry point:
55, 8B, EC, 6A, FF, 68, 50, 85, 46, 00, 68, A8, F0, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 24, 73, 46, 00, 33, D2, 8A, D4, 89, 15, 88, DB, 47, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 84, DB, 47, 00, C1, E1, 08, 03, CA, 89, 0D, 80, DB, 47, 00, C1, E8, 10, A3, 7C, DB, 47, 00, 6A, 01, E8, 43, 38, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 28, 15, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
406.5 KB (416,256 bytes)

76 Program Uninstaller
Program name:
TOSHIBA Sync Utility

Display publisher:
TOSHIBA Corporation

Display version:
2.0.3060

Uninstall string:
C:\Program Files (x86)\InstallShield Installation Information\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}\setup.exe -runfromtemp -removeonly

Program name:
TOSHIBA Places Icon Utility

Display publisher:
TOSHIBA Corporation

Display version:
1.1.1.4

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{461F6F0D-7173-4902-9604-AB1A29108AF2}\setup.exe" -runfromtemp -l0x0409 -removeonly

Program name:
Dell KM632 Wireless Keyboard Caps Lock Indicator

Display publisher:
Dell

Display version:
2.1.9.0401

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{55586382-6704-4237-AAA7-85FF9C055022}\setup.exe" -runfromtemp -l0x0409 -removeonly

Program name:
LG United Mobile Driver

Display publisher:
LG Electronics

Display version:
3.8.1

Uninstall string:
"C:\Program Files\InstallShield Installation Information\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}\setup.exe" -runfromtemp -l0x040a LG -removeonly

Program name:
Ubisoft Game Launcher

Display publisher:
UBISOFT

Display version:
1.0.0.0

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly

Program name:
NETGEAR WNA3100 wireless USB 2.0 adapter

Display publisher:
NETGEAR

Display version:
2.2.0.2

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{C2425F91-1F7B-4037-9A05-9F290184798D}\setup.exe" -runfromtemp -l0x0409 -removeonly


Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
InstallShieldSetup

Command:
C:\Program Files1\instal~1\{c2425~1\setup.exe -rebootC:\Program Files1\instal~1\{c2425~1\reboot.ini


The file setup.exe has been seen being distributed by the following URL.

http://www.sobolsoft.com/notereminder/.../setup.exe

Scan setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.