setup.exe

The executable setup.exe has been detected as malware by 20 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.google.com.
MD5:
e6e37da78bcffbc96da9a29db359c6d4

SHA-1:
e6903151e1aab31d2de48192cd32848e64157896

SHA-256:
fb6fa1fb91efab2af15b2a5ad13e8b3b968e2aa5b1b328666f998c2ac15a25ed

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/18/2024 6:45:56 PM UTC

Scan engine                    Detection                      Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.1625811       1039
AhnLab V3 Security             Trojan/Win32.Ransomlock        14.04.01
Avira AntiVirus                TR/Fareit.A.37                 7.11.140.122
Bitdefender                    Trojan.GenericKD.1625811       1.0.20.455
Emsisoft Anti-Malware          Trojan.GenericKD.1625811       8.14.04.01.03
ESET NOD32                     Win32/Kryptik.BYOC (variant)   8.9621
Fortinet FortiGate             W32/Fareit.AOBE!tr.pws         4/1/2014
F-Secure                       Trojan.GenericKD.1625811       11.2014-01-04_3
G Data                         Trojan.GenericKD.1625811       14.4.24
Kaspersky                      Trojan-PSW.Win32.Fareit        14.0.0.4082
McAfee                         Artemis!E6E37DA78BCF           5600.7173
Microsoft Security Essentials  PWS:Win32/Fareit               1.10401
MicroWorld eScan               Trojan.GenericKD.1625811       15.0.0.273
nProtect                       Trojan.GenericKD.1625811       14.04.01.01
Panda Antivirus                Trj/CI.A                       14.04.01.03
Qihoo 360 Security             HEUR/Malware.QVM20.Gen         1.0.0.1015
Sophos                         Mal/Generic-S                  4.98
Trend Micro House Call         TROJ_MOSERAN.BMC               7.2.91
Trend Micro                    TROJ_MOSERAN.BMC               10.465.01
VIPRE Antivirus                Trojan.Win32.Generic           27918

File size:
95.5 KB (97,792 bytes)

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\setup.exe

File PE Metadata
Compilation timestamp:
8/16/1999 10:32:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:MWD6Rw3HzRHftEwVpULB5w2U2GaFoV/ceKBRkZOAVwHsBAvC0NN++WVlTjF3AFsO:xD6uH1HfBDRrcX4OAVwLRNNPWVlVj/H2

Entry address:
0x1290

Entry point:
55, 89, E5, E8, 07, 00, 00, 00, C9, C3, 00, 00, 45, 58, 45, 29, FB, 8B, 0D, 3C, D0, 40, 00, 01, 25, 04, D0, 40, 00, 2B, 15, 80, D0, 40, 00, 68, 84, D0, 40, 00, E8, C0, 0A, 00, 00, E8, C1, 0A, 00, 00, 33, F0, E8, C0, 0A, 00, 00, 33, F0, E8, BF, 0A, 00, 00, 33, F0, 68, 8C, D0, 40, 00, E8, B9, 0A, 00, 00, 33, F0, 31, C0, 50, E8, B5, 0A, 00, 00, 89, 05, 3C, D0, 40, 00, 29, C3, 2B, D3, 01, EE, 2B, 0D, 04, D0, 40, 00, 01, 1D, 94, D0, 40, 00, 8B, F0, 89, 35, 1C, D0, 40, 00, 03, C7, 01, 25, 04, D0, 40, 00, 2B, DF...

Code size:
40 KB (40,960 bytes)

The file setup.exe has been seen being distributed by the following URL.
