home

setup__6629_i1915527283_il652242.exe

Stpll

Finful

The application setup__6629_i1915527283_il652242.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.perisigmoiditisgashing.site and multiple other hosts.
Publisher:
Finful

Product:
Stpll

Description:
cmpnnt

Version:
139.27.212.124

MD5:
99f7a90ca3dea1486bb8f3ec42c4482e

SHA-1:
bcfb40b390b0711df2fb554ba3f1f558f83fc8c9

SHA-256:
cf0b6d3c7b9cd64e785abd6d373fa3629b7395b991866d3825719882de0979a5

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
6/29/2025 12:04:33 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Vitro
160327-1

McAfee
Virus.W32/Virut.n.gen
18.0.204.0

Reason Heuristics
Adware.Bundler (M)
16.5.1.23

File size:
572 KB (585,728 bytes)

Product version:
139.27.212.124

Copyright:
LC 2015

Trademarks:
Pepcyc

Original file name:
file.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\setup__6629_i1915527283_il652242.exe

File PE Metadata
Compilation timestamp:
8/2/2000 12:30:10 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ZBCFWyPDeiF/I/i/7nuzkEjiDOSpS4oZPienEudunkqOJilC7V7VmsW9JcEg:ZGfeihI6CjiDZS4fenEguniaav3Uc

Entry address:
0xD153

Entry point:
87, C9, 80, DD, 52, 90, 8B, C8, 49, FE, C5, 86, C9, B6, C1, F7, C2, F9, 30, 30, AB, 8D, 88, 31, FB, 0D, 17, 68, 48, 6B, 00, 00, F8, 58, B6, 12, B2, 2A, EB, 7D, 00, 00, 00, 1D, 70, 89, C9, 00, B1, 6A, DD, 00, C6, 82, E2, 00, 74, AB, 00, A9, A9, C0, 25, DF, FC, DE, 42, 00, 8C, 36, 56, 5E, 47, 55, E4, 76, 00, A4, 60, 65, D1, 07, 00, 00, 9E, 5F, FD, 81, D1, 90, 00, 48, 03, D6, 3D, 00, 49, 8C, 30, CD, C3, 00, D2, C1, 00, 49, 59, 00, 88, 37, C7, 00, A3, EA, AF, 0A, 7D, 00, F7, 21, 00, 39, 04, 00, 3A, 6C, E2, ED...
 
[+]

Code size:
49 KB (50,176 bytes)

The file setup__6629_i1915527283_il652242.exe has been seen being distributed by the following 2 URLs.

http://www.perisigmoiditisgashing.site/10_nod32_launcher.exe

http://www.perisigmoiditisgashing.site/13_nod32_launcher.exe

Remove setup__6629_i1915527283_il652242.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.