setup.exe

setup

AnySend

The application setup.exe by AnySend has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
AnySend  (signed and verified)

Product:
setup

Version:
1.0.0.0

MD5:
d05ec9561a2b4ae48b44740a5799ca47

SHA-1:
b6f19f62dbb3f6e733922704c4f9873975c5220d

SHA-256:
e1ecab37b948835e365e76d10c40aadcd84cab8644939899cc3ef8cf5f201b35

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 9:12:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11387941 | 887 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.166.216 |
| avast! | Malware-gen | 140813-1 |
| AVG | Adware Vopackage.D | 2014.0.4015 |
| Bitdefender | Trojan.Generic.11387941 | 1.0.20.1220 |
| Dr.Web | Adware.Downware.2703 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.11387941 | 8.14.09.01.04 |
| ESET NOD32 | Win32/VOPackage.E potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/VOPackage | 9/1/2014 |
| F-Secure | Trojan.Generic.11387941 | 11.2014-01-09_2 |
| G Data | NSIS.Application.Vopackage | 14.9.24 |
| IKARUS anti.virus | PUA.Vopackage | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.VOPackage.A | v2014.09.01.04 |
| McAfee | Artemis!C57F3A4A7C82 | 5600.7021 |
| MicroWorld eScan | Trojan.Generic.11387941 | 15.0.0.732 |
| NANO AntiVirus | Trojan.Win32.VOPackage.dejknz | 0.28.2.61861 |
| Norman | Downloader.HKGG | 11.20140901 |
| nProtect | Trojan.Generic.11387941 | 14.08.12.01 |
| Reason Heuristics | PUP.Optional.Installer.K | 14.9.1.4 |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.14830 |
| Sophos | VOPackage | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0424 | 7.2.244 |

File size:
451.4 KB (462,192 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2013

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/28/2013 2:00:00 AM

Valid to:
8/29/2014 1:59:59 AM

Subject:
CN=AnySend, O=AnySend, STREET=30 Lilenblum st, L=Tel Aviv, S=Israel, PostalCode=6513309, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E030276987E86FCA208D1789ECBA327A

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ezfj/bWIcLbT57oVD5YjbfRf6lU8/qxDNgALdjEfDQ69uX7utrq:E/qIcLp7oRyjNf6K8SxDmAaF9uX7uY

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
