SetupWizard.exe

Get a Clip

The application SetupWizard.exe by Get a Clip has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Get-a-Clip  (signed by Get a Clip)

Product:
Get-a-Clip

Version:
5.3.0.0

MD5:
53f75d48bc7987b0052ed47b407ebe6b

SHA-1:
97387bf35551e8ae6d34fa4b3b3b52446c0f259e

SHA-256:
50917e386fb809fdb60a4719174288a140ab695a8a68a51d406f4f91cb1d542c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/3/2024 8:06:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GetaClip (L)

Engine version:
16.9.2.20

File size:
3.1 MB (3,223,720 bytes)

Product version:
5.3.0.0

Copyright:
Copyright 2013 (c) Get-a-Clip. All rights reserved.

Original file name:
SetupWizard.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setupwizard.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 9:09:05 PM

Valid to:
3/23/2017 11:37:13 AM

Subject:
E=info@get-a-clip.com, CN=Get a Clip, O=Get a Clip, L=Garden Grove, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214F73BF2EACA0C2BCE07BD34BC3F2079D

File PE Metadata
Compilation timestamp:
8/19/2016 1:23:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:l5DwLnWzA9ZynTHNlgZe7R1Kzw+U4beziEyB:pAKtOKKzw+U0eWEyB

Entry address:
0x157DD8

Entry point:
E8, 9E, A1, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 60, F3, 5E, 00, 75, 02, F3, C3, E9, 3D, 00, 00, 00, 55, 8B, EC, FF, 15, 84, D3, 58, 00, 6A, 01, A3, BC, AA, 5F, 00, E8, F7, A6, 00, 00, FF, 75, 08, E8, 8C, A6, 00, 00, 83, 3D, BC, AA, 5F, 00, 00, 59, 59, 75, 08, 6A, 01, E8, DD, A6, 00, 00, 59, 68, 09, 04, 00, C0, E8, 5A, A6, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 9E, FB, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, A0, A8, 5F, 00, 89, 0D, 9C, A8, 5F, 00, 89, 15, 98, A8, 5F, 00...
 

Entropy:
6.7440

Code size:
1.5 MB (1,620,992 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-69-223-17.us-west-2.compute.amazonaws.com  (54.69.223.17:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to ec2-52-42-129-98.us-west-2.compute.amazonaws.com  (52.42.129.98:443)

TCP (HTTP):
Connects to a96-17-177-16.deploy.akamaitechnologies.com  (96.17.177.16:80)
