setup.exe

Yumon System S.L.

The application setup.exe by Yumon System S.L. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer, and has been known to bundle potentially unwanted software. The file has been seen being downloaded from az837271.vo.msecnd.net.
Publisher:
Yumon System S.L.  (signed and verified)

MD5:
e8d70bfd18ce35b7480dc521a356e094

SHA-1:
cabf711d65d48c2a9bfdd6395516a10327ac33ec

SHA-256:
7a263261f45bb9c053dc28d3bd2a334ea08adc1e8d5f562d813e8b81189f73ee

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/5/2024 3:27:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SoftPulse.YumonSys.Installer (M)

Engine version:
16.7.5.11

File size:
1.7 MB (1,800,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/27/2015 2:00:00 AM

Valid to:
2/28/2016 1:59:59 AM

Subject:
CN=Yumon System S.L., O=Yumon System S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
020F85D2B2BD258B2EDCCC1F80E5669E

File PE Metadata
Compilation timestamp:
12/10/2015 11:51:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:UOn8+sVxRT+cIoduLHT/HLdKOY4yNc1XAMRN93Yq4ck4TM7wTMM:/YxB+Zo07T/LdK74nXN93eck45MM

Entry address:
0x1000

Entry point:
B8, 7C, 31, 88, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 4B, 12, 1F, 6A, 01, D4, 00, 00, 00, 00, B4, 0F, E7, 0E, C2, E7, 9C, 76, 20, 31, FA, BB, 83, 38, 65, FC, 03, C7, 05, 04, 50, 84, 81, A4, 9B, BF, 44, 3F, 4D, 05, FF, 68, 00, 00, 00, 00, 30, 61, 01, 2B, 31, E4, 3B, 59, 42, 22, 7B, 84, 2F, 93, 78, 08, 8E, F4, 45, FD, A1, D7, 11, 95, D8, 40, 9F, 21, 71, C2, 1E, 21, 00, 00, 00, 00, 0C, 52, 02, 11, 18, 9C, 99, 40, 70, 0B, 84...
 

Packer / compiler:
PECompact v2

Code size:
3.6 MB (3,760,640 bytes)

The file setup.exe has been seen being distributed by the following URL.
