home

tmpsetup.exe

ISPWizard - Internet Setup Program Wizard

End-User Computing, Inc

The executable tmpsetup.exe, “Internet Setup Program Wizard” has been detected as malware by 2 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
ISPWizard  (signed by End-User Computing, Inc)

Product:
ISPWizard - Internet Setup Program Wizard

Description:
Internet Setup Program Wizard

Version:
6.4.4.1

MD5:
9afdf7af0a86ebae79aa5f29e2312f9e

SHA-1:
c368bb8dcb6df48110d0889770a5441c1024a6ee

SHA-256:
3a39ce4eb8736c580f1fbf5ef289fb5bbbd6d5c0ff34e68a223afe6cdabc56ac

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
7/6/2025 5:55:27 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
PUA.Packed.ASPack
0.98/18011

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.20.14

File size:
992.9 KB (1,016,752 bytes)

Product version:
6.44

Copyright:
Copyright 2000-2010 Mark Griffiths

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\tmpsetup.exe

Digital Signature
Signed by:
End-User Computing, Inc

Authority:
GoDaddy.com, Inc.

Valid from:
9/16/2010 12:40:50 PM

Valid to:
10/7/2011 9:11:43 AM

Subject:
CN="End-User Computing, Inc", O="End-User Computing, Inc", L=" Toledo", S=OH, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EA7A2C560117E

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:5UGrs6qF44AtKOA1RTnZYHv2XFAISoLG9dLQKy1hEs2PV5PAXy5BrejxqDERwz:nPHcOA1tZTFA2Ls+1TQ90kB1Dh

Entry address:
0x127E00

Entry point:
60, E8, 01, 00, 00, 00, EB, 5D, BB, FA, FF, FF, FF, 03, DD, 81, EB, 00, 7E, 12, 00, EB, 02, EB, 39, C6, 45, 10, 00, 33, C0, 8B, 73, 3C, FF, 74, 33, 58, 0F, B7, 54, 33, 06, 4A, 4A, 8D, BC, 33, F8, 00, 00, 00, 8B, 77, 0C, 8B, 4F, 10, 0B, C9, 74, 07, 03, F3, E8, 13, 00, 00, 00, 4A, 74, 05, 83, C7, 28, EB, E7, 59, 3B, C1, 90, 90, 61, E9, A9, E1, FF, FF, FC, 52, 8B, D0, 0B, D2, 75, 05, BA, 8E, 24, 3B, 9C, AC, 49, 0B, C9, 74, 14, 32, D0, B0, 08, D1, EA, 73, 06, 81, F2, 9A, F3, A7, C1, FE, C8, 75, F2, EB, E6, 92...
 
[+]

Entropy:
7.9742

Packer / compiler:
ASPack v1.08.04

Code size:
725 KB (742,400 bytes)

Remove tmpsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.