torchsetup.exe

Nes

Torch Media Inc.

The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.metasharenew.com.

Publisher:
Pofeguko (signed by Torch Media Inc.)

Product:
Nes

Description:
Nes Setup

Version:
4.5.1.5

MD5:
1359ade6ae142c655022994b8d2f6fdb

SHA-1:
a9158bead3ee1b59799b4599e02e7e331d753f29

SHA-256:
cbcce421a3494cca770a38157234806102898d863187db3f19a6332bfc1d817e

Scanner detections:
1 / 68

Status:
Inconclusive (probably just a false positive detection)

Analysis date:
5/7/2024 2:25:26 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.IM (L)

Engine version:
17.3.12.16

File size:
1.7 MB (1,815,000 bytes)

Product version:
3.3

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\torchsetup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/9/2016 5:00:00 PM

Valid to:
6/25/2017 4:59:59 PM

Subject:
CN=Torch Media Inc., OU=DEV, O=Torch Media Inc., L=Panama, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA - G2, O="thawte, Inc.", C=US

Serial number:
09887D02BDD719A47D84193381429497

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8


Entropy:
7.9889

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file torchsetup.exe has been seen being distributed from the following URL.

http://www.metasharenew.com/je_PXxEIF8BxJ2MWnn8k6ng4aPqpSyR3vW4PMhUHWaxSI4vEqYj_1Lhn9dSUGPtAKyHqzdNZInDqJD RWVSCph0pUcWPX43uGZ07SVjWMqmtQ0avIyMJMGD0pvfFv7eC688vhCUikO_8WWF44VKSX2zyDnlaRbgD2LIsjyeyfNg28qlAnfGF6GNhZ3WEkMq5kw9ajc1SklC1c09CWeF0x4PcYuSUEA==-Gy4AAMRtbD7fsfFC6BVhEDjkwOF7kHkSbIydIyh08o0TGrg3y2JYAz7lG gF
