home

setup.exe

Microsoft Setup Bootstrapper

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Setup Bootstrapper

Version:
16.0.4266.1001

MD5:
92c34025207f2aa9ffd194f475103f68

SHA-1:
c9ed9845fb7fe04312de0a1ed65bf62804324308

SHA-256:
b19d79cdccfb4d48bc8f33ec2422acdf17ade17dd9ba23ea28c23706244e2184

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/29/2024 9:32:26 AM UTC  (today)

File size:
256.2 KB (262,336 bytes)

Product version:
16.0.4266.1001

Original file name:
setup.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
6/4/2015 10:42:45 AM

Valid to:
9/4/2016 10:42:45 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000010A2C79AED7797BA6AC00010000010A

File PE Metadata
Compilation timestamp:
7/30/2015 5:26:14 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:rvxgxixN4ldLaeKmZQEAPLtwlAeyKaDN+WZy:2wLuLahmZ2uhuY9

Entry address:
0x1978

Entry point:
48, 83, EC, 28, E8, E7, 03, 00, 00, 48, 83, C4, 28, E9, 72, FE, FF, FF, 90, 90, 48, 83, EC, 28, 4D, 8B, 41, 38, 48, 8B, CA, 49, 8B, D1, E8, 0D, 00, 00, 00, B8, 01, 00, 00, 00, 48, 83, C4, 28, C3, 90, 90, 90, 53, 45, 8B, 18, 48, 8B, DA, 41, 83, E3, F8, 4C, 8B, C9, 41, F6, 00, 04, 4C, 8B, D1, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8, 4C, 23, D1, 49, 63, C3, 4A, 8B, 14, 10, 48, 8B, 43, 10, 8B, 48, 08, 48, 03, 4B, 08, F6, 41, 03, 0F, 74, 0C, 0F, B6, 41, 03, 83, E0, F0, 48, 98, 4C...
 
[+]

Entropy:
3.8608

Code size:
43.5 KB (44,544 bytes)

The file setup.exe has been seen being distributed by the following 9 URLs.

ftp://172.24.15.81/ftppermenant/office/office 2016/.../setup.exe

https://mega.nz/temporary/.../MJFWHapL

https://doc-0o-c0-docs.googleusercontent.com/docs/securesc/2it1s15qcc92o3tbou33lighf9rifrn5/du9fs0fk3i4gurrrrvendp4j5im9gpln/1464768000000/.../13955730464338814249/0BxWcvu4zA6cBMzRwblNscTVwQjA?e=download

https://www.dropbox.com/pri/get/appl/.../setup.exe

https://doc-00-34-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/3oanmcm1qc49t41ilkccse0suohurjm7/1475431200000/10003210646579336722/.../0B5pq5xuRj_6wMWFkUVZxOE4waG8?e=download

https://doc-08-1c-docs.googleusercontent.com/docs/securesc/nj0pqd152a0fsisj90squt7j96itl01m/att6ae17pjkil6fqnmjgr9ksjm1jlfbj/1471478400000/.../04474643313316192026/0B7qNn-VgChSMZjYxMnNJSkNQUms?e=download

https://onedrive.live.com/download.aspx?cid=70460DC6B80D01F9&authKey=!AMG7wxGPxAgXh6g&resid=70460DC6B80D01F9!6261&ithint=.exe

temp:setup.exe

https://vides2.ethz.ch/download/danielci_igidchpnsrrnqrmsuroos/danielci//MS-Office_2016_Win_EN/64-bit/.../setup.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.