btsetup.exe

The application btsetup.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This file is typically installed with the program btclient. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.
Version:
1.3.0.0

MD5:
b30c5de7794da6d93d39949602a61efb

SHA-1:
e40686ad1d7820060c6b75b6b50d5785b3463b6e

SHA-256:
e19484528016d8b015e3d8e734cf952e9e869d3c3fe4868551235d1d722405f2

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 7:24:21 PM UTC

Scan engine         Detection                                                Engine version
Agnitum Outpost     PUA.Downloader                                           7.1.1
Dr.Web              Adware.Toolbar.720                                       9.0.1.0289
ESET NOD32          Win32/Toolbar.Montiera.R potentially unwanted (variant)  9.12352
Fortinet FortiGate  Riskware/Montiera                                        10/16/2015
IKARUS anti.virus   PUA.Toolbar.Montiera                                     t3scan.1.9.5.0
K7 AntiVirus        Adware                                                   13.210.17417
Reason Heuristics   Threat.Win.Reputation.IMP                                15.10.16.9
Zillya! Antivirus   Downloader.Montiera.Win32.195                            2.0.0.2426

File size:
440.5 KB (451,072 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\btclient\btclient\1.4.2.8\btsetup.exe

File PE Metadata
Compilation timestamp:
9/26/2015 9:11:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:/8tbgPlDdfF+6B69+yM0ODZXJkWhAVvK:EQKODPkW2

Entry address:
0x37F9A

Entry point:
E8, 63, 85, 00, 00, E9, 89, FE, FF, FF, CC, B8, 47, 10, 44, 00, A3, 60, 54, 46, 00, C7, 05, 64, 54, 46, 00, 3D, 07, 44, 00, C7, 05, 68, 54, 46, 00, F1, 06, 44, 00, C7, 05, 6C, 54, 46, 00, 2A, 07, 44, 00, C7, 05, 70, 54, 46, 00, 93, 06, 44, 00, A3, 74, 54, 46, 00, C7, 05, 78, 54, 46, 00, BF, 0F, 44, 00, C7, 05, 7C, 54, 46, 00, AF, 06, 44, 00, C7, 05, 80, 54, 46, 00, 11, 06, 44, 00, C7, 05, 84, 54, 46, 00, 9D, 05, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 50, 90, 00, 00...

Entropy:
6.3122

Code size:
315 KB (322,560 bytes)

The file btsetup.exe has been discovered within the following program.

btclient  by btclient
About 6% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP:
Connects to ip-172-30-3-136.ec2.internal  (172.30.3.136:9090)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.114.162:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)