» setup.exe
Overview
Analysis
File Details
Downloads (34)

setup.exe

Microsoft Setup Bootstrapper

Microsoft Corporation

File name:

setup.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Setup Bootstrapper

Version:

14.0.4734.1000

MD5:

9afb5a5da819c49f831030d3e7de436e

SHA-1:

e2de4e25efab5b49537b35a9dd2278ec4bc74192

SHA-256:

3c6e488c20c3b458eaa8c2449cf01607596970d9be7a7522bced86d06c983182

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/26/2024 9:55:27 AM UTC (today)

File size:

1 MB (1,100,664 bytes)

Product version:

14.0.4734.1000

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

12/8/2009 12:40:29 AM

Valid to:

3/8/2011 12:40:29 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6101CF3E00000000000F

File PE Metadata

Compilation timestamp:

1/21/2010 11:31:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:ezqsmXt5DgK2r2T+qO/MosJi5Z6iQFI7XHgZQKhJgeCm4DLFSLfmNgR:ezqsWt5DgZ7/MS6iZLHgZpJEHDZSlR

Entry address:

0x559DD

Entry point:

E8, 03, 3E, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, B8, 3E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 5C, 03, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 37, 15, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 11, 0B, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, 69, 3E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD... 
[+]

Entropy:

6.5646

Code size:

505 KB (517,120 bytes)

The file setup.exe has been seen being distributed by the following 34 URLs.

https://drive.google.com/uc?id=0B3hQgDq2l1WjWUtEYU1uazVnX2M&export=download

https://drive.google.com/uc?id=0B_eBjVZlkLgJY0pTZmE5WlJQMms&export=download

https://doc-08-1o-docs.googleusercontent.com/docs/securesc/l63qji7jq54cdlb5gj8vm3nmfmdb0gg0/a862c4jg55bbbvp64j48rn9et4g970il/1486994400000/10924616385899138746/.../0BzJ8ub6nj7ZoTVMwWng0emJsYjg?e=download

https://onedrive.live.com/download.aspx?cid=B1CF6AC2D1EB27F2&resid=B1CF6AC2D1EB27F2!3498&canary=EsDuCZXH3BcG7Knq VqlVXwtonOvgmaoGL2wQE5CU80=7&ithint=.exe

https://doc-0s-b8-docs.googleusercontent.com/docs/securesc/f74rabumte6gehl9ja7tl6peqtb365qm/2khd9flb5qvmak0qvbj1v3hn284s32mi/1481868000000/05401576335872895503/.../0B4W5goAVVBvgaERhdUJSdHZBQ3M?e=download

https://doc-10-7c-docs.googleusercontent.com/docs/securesc/3m04i42qeuo040rfah0gt7015bl2a775/8t2kpgv3lcr7jiok96rcee8fd2a1e324/1483012800000/07703025217203802606/.../0B9QurR63nDSAd09VZ1FzRnZVZ28?e=download

http://192.168.3.3/NEW SOFTWARES/.../setup.exe

https://drive.google.com/uc?id=0Bx1AHGsN_DGpNFItLTV0aWhIdVU&export=download

https://doc-0c-08-docs.googleusercontent.com/docs/securesc/td6btmij92qc93p8hjh35d3hsc5orv91/1o744hoh2ebhbi0fr298sjr57ukfkvrh/1475611200000/11965225160099278666/.../0BxhWWiByKma9NHJ5aXN0NkJXOVk?e=download

https://doc-0c-3c-docs.googleusercontent.com/docs/securesc/iu2fvg6372vigf3blidjrmd68pju9d7e/ohusa01nfmhqeppg8dkrnfhm5scsnkv9/1473004800000/.../02575094953310200389/0B5gO1eMyJ-dHUDM3MTF6UjY4dTQ?e=download

https://doc-04-3c-docs.googleusercontent.com/docs/securesc/q95vs0uqa24tns55kggv6amsutqtrcvq/ursp6546dre3vqmtq4ht9a918su37pj0/1477677600000/.../06620397590611526049/0B6OK1M4-gtcTb2dOT1BKVXFmejQ?e=download

https://onedrive.live.com/.../yt7dqSkHeoEaiuirjoXwHo7HtHMI JRik=5&ithint=.exe

https://dl.dropboxusercontent.com/s/.../setup.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-UygB0tgVvzmsSQCDd0nFHEe6OoH3LXUW5TaFE4HCg-m70vihH7Lc8tu-FuA4CYjNOstHGQ2SvOzuBlPC52QM-g/messages/@.id==ACUIDNkAABFOWCNQ8A3LQJYr8TE/content/parts/@.id==4/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBa0M4MNZsQovinL9UJoIy_fC97nWyyyOFbgn-O_gz35DaFPMq2TSv3AQNG6jSCBdfhg4-jaCu2dfGPJQyGvfd9B&error=https://mg.mail.yahoo.com/.../iframemsg?id=abd19f30-e175-c71f-92f1-e71e0f298b42&ymreqid=96efd48f-92d5-a51e-01c6-5c0027010000

http://192.168.1.65/api/1.0/rest/file_contents/Derek/Software/.../setup.exe

http://download1482.mediafire.com/j9kudg691izg/.../setup.exe

ftp://10.42.40.100/0.BDVHX/setup/setup/.../Microsoft Office 2010 [khong can key] www.kptech.com.vn.rar/setup.exe

https://docs.google.com/uc?authuser=0&id=0B3fdDvx3HZIIbk04dUQ5R2c1Vlk&export=download

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-_OV0nTCiLpLWFj_BWw9f5TVAuN_a2txOBDlA30nF2MkH8Dd0aSgQHxKUn_IAgqKD/messages/@.id==AENUimIAAq2KWDEQ6gxIiOz5Q2w/content/parts/.../raw?appid=YahooMailBasic&ymreqid=6aee8245-07ea-36d3-13ac-7c0000010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZe3EgBS2wALhTUpweeKrK9CIjebInNjGaRmBepCNH7y89-jQXu_UnefLFD3diqYYOldJA8i3vzfiNePJFcLA02

https://doc-10-6o-docs.googleusercontent.com/docs/securesc/piuj553qdaekj36rpt1776el4l02vpp4/kgnpacflg4587avgd5sa5f89hdsn7s33/1471896000000/16178751697317301502/.../0B9NSpWkfIAL2VlNaQWRKLVpBNUk?e=download

https://doc-0g-2g-docs.googleusercontent.com/docs/securesc/uvm80bp74ghcabm13fp5av33ho2e318e/qfks27oc9v54o2bejkvbe72iqkngv26f/1469606400000/07301347877777672899/.../0B1M2Vp6EssFvRHp0MUlYSThfWWM?e=download

https://docs.google.com/uc?id=0B3NOvAXcEhUAajh6WE8xaVc2VUE&export=download&invite=CLfH85cL

https://drive.google.com/uc?id=0B7zV7pgzOjVBeTFuV1JnTG40MkU&export=download

https://drive.google.com/uc?id=0B5pz0L77Cw1kU2QzRklKWXBLSzQ&export=download

https://drive.google.com/uc?id=0B0zRT1hhKRF7REp1dTdQUEFoZHc&export=download

https://dl-web.dropbox.com/get/Anniversary 2013/.../setup.exe

https://mg.mail.yahoo.com/ya/.../WVHgA1gP7iPr6vNM&fid=Sent&pid=4&clean=0&appid=YahooMailNeo

ftp://10.1.0.5:30/office 2010/.../setup.exe

https://www.dropbox.com/sh/8c754fo8wgsr3th/.../setup.exe

https://dl-web.dropbox.com/get/.../setup.exe

Latest 30 of 34 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.