setup.exe

Amigo Installer

Mail.Ru LLC

The application setup.exe by Mail.Ru has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address amigo.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by Mail.Ru LLC)

Product:
Amigo Installer

Version:
54.0.2840.193

MD5:
9dfaea8885604853321bf811337a7292

SHA-1:
f03f03cfec9821e74c9687974f7c00ae50202dbb

SHA-256:
9763b0fd5ea5dea1afb886ae75891e8995451ce949147d48900bcec4fdaac771

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 9:46:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amigo (L)

Engine version:
17.2.22.10

File size:
1.3 MB (1,332,952 bytes)

Product version:
54.0.2840.193

Copyright:
Copyright 2016 The Chromium Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/6/2015 10:00:00 AM

Valid to:
8/6/2017 9:59:59 AM

Subject:
CN=Mail.Ru LLC, O=Mail.Ru LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
46946F32338A79AED5D30FEACE24618C

File PE Metadata
Compilation timestamp:
2/21/2017 2:02:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0xB2A3A

Entry point:
E8, 8C, 0A, 00, 00, E9, 8E, FE, FF, FF, 55, 8B, EC, 6A, FF, 68, 4E, 62, 4E, 00, 64, A1, 00, 00, 00, 00, 50, 51, 53, 56, 57, A1, 54, D2, 50, 00, 33, C5, 50, 8D, 45, F4, 64, A3, 00, 00, 00, 00, 89, 65, F0, FF, 75, 08, 83, 65, FC, 00, E8, 5A, F6, FF, FF, 59, EB, 08, B8, 82, 2A, 4B, 00, C3, 33, C0, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5E, 5B, 8B, E5, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, AD, D0, D3, EA, C3, 8B, C2, 33, D2, 80, E1, 1F, D3, E8, C3...
 

Code size:
917 KB (939,008 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to amigo.mail.ru  (217.69.139.252:80)

TCP (HTTP):
Connects to ip-172-26-136-19.ec2.internal  (172.26.136.19:80)

TCP (HTTP):
Connects to static.147.166.63.178.clients.your-server.de  (178.63.166.147:80)

TCP (HTTP):
Connects to ip-172-26-136-17.ec2.internal  (172.26.136.17:80)

TCP (HTTP):
