setup11.exe

Id-Stiwstv

Aqfmzq & co.

The application setup11.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from cdn.chironexfleckeriwhite.com and multiple other hosts.
Publisher:
Aqfmzq & co.

Product:
Id-Stiwstv

Description:
Jmrsnvqdhzn

Version:
12.7.12.7

MD5:
7f38d644633d1f85a619a51b25559f64

SHA-1:
b62c71e2a4e3fe6ac3eeae1c4c2b759a845639a8

SHA-256:
3537afba51c1b1c604245caf91e6a77d64704498638aa9c7c1c54b64d7c4339f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/16/2024 10:00:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossrider.Aqfmzqco.Installer.Meta (M)

Engine version:
15.12.30.16

File size:
12.7 MB (13,322,959 bytes)

Copyright:
Copyright Kgxqsif

Trademarks:
Stiwstv is a trademark of Clifhgrmilpknw

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\iorwmnzjnn\setup11.exe

File PE Metadata
Compilation timestamp:
12/4/2012 11:55:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
393216:CTqEoLzHEy4ogPpmLAYEG56Hd8h3bPSWdqRXX:Aq+y4oO+AhGSiZrbqlX

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
33.5 KB (34,304 bytes)

The file setup11.exe has been seen being distributed by the following 2 URLs.
