setup.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from getfplayer.com and multiple other hosts.
MD5:
4af7776177182ccfb730ae6fee1c5fa4

SHA-1:
b9ccd5720ed74cd8d5cd95b0728a3a95bfba7487

SHA-256:
efa7a358d562b3205c749bbac5b67f27c13bb1ff92e4cf0d502810e08fe0e408

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 6:20:59 AM UTC

Scan engine | Detection | Engine version
SUPERAntiSpyware | Trojan.Agent/Gen-Clicker | 10532
Trend Micro House Call | TROJ_GEN.F47V0302 | 7.2.171

File size:
404.7 KB (414,411 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ye34/p50XvpF1YZ7yvIx4cHQdbXE39fJTWcm9VzrTYWYvriW2KET/XCKb4vXnmP8:Spif71crx4Nb0VoDVzvYW8rRErXB8mp6

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following 9 URLs.

