setup.exe

Installer

The application setup.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The file has been seen being downloaded from safedownloadsrus131.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.0.0.1

MD5:
191cef1acb169a5d7dc721234a86b4cd

SHA-1:
e60f5fc5c0eb71ccc13c269a1db004fdcdbb5469

SHA-256:
90fe3805b8a9e0dde64288cb9ee6eb3b8c530ab990b54e23d024ecb54c73c74c

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
6/29/2025 7:13:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | W32/Neshta.a | 7.11.30.172 |
| avast! | Win32:Malware-gen | 150525-2 |
| Dr.Web | Adware.Downware.11074 | 9.0.1.0150 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.86912 | 8.15.05.30.12 |
| ESET NOD32 | Win32/AdGazelle.I potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-6897f6c9 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Graftor.189304 | 11.2015-30-05_7 |
| IKARUS anti.virus | AdWare.AdGazelle | t3scan.1.9.2.0 |
| Malwarebytes | PUP.Optional.Downware | v2015.05.30.12 |
| NANO AntiVirus | Riskware.Win32.Downware.drcrbc | 0.30.24.1636 |
| Norman | Gen:Variant.Graftor.189304 | 11.20150530 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.30.8 |
| VIPRE Antivirus | Threat.5063330 | 39676 |

File size:
281.1 KB (287,808 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
5/27/2015 6:58:49 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:jd+DEoAj1wjPNPxAp1RCHdMpWwVblyGVzf+nM0CEAg0Fu0Ag0FuKxMTbU4Aba5vx:jd+QoEGrNOaHeTVbcGVrERAO0AODkGX

Entry address:
0xFC63

Entry point:
E8, 90, AC, 00, 00, E9, 8B, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, E8, C2, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A8, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, E8, C2, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...
 

Entropy:
6.2119

Code size:
160.5 KB (164,352 bytes)

The file setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
