Gridinsoft Logo
File Icon

The setup.exe File Analysis

Updated 29 days ago
Checked by Malaware Check
setup.exe

Technical Analysis

File Name setup.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
24576:rH7zesiJu4S5YhFaQl9C3vbrFpeW2nUmVhLwV5vcmeEusNM7fGEU9Ncz+um:rbsJvF8vKhUWWVAcNP9Ncz+n
Scanner Version 1.0.216.174
Database Version 2025-05-08 22:00:18 UTC

Suspicious File Detected

Detected by 56 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
78%
Detection Rate
1,904,128
File Size (bytes)
56/72
Engines Detected
2025-05-08
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
feb3b3a16dafac3ec117e195456b5683
SHA1
db15b6fa341314b2c9a3f805cc50f3fc70968d41
SHA256
6fdf2ce83cb9b42336ef97f27e15d307cd86b91b63aaf02c450e3c3b9371a514
SHA512
03de5cf8dacb50aa08a73e0453df538b410cfddc8fb5d0b390302e2321998004323294ec14a85de41da00a06b75d0bcfb53686b090113d579986ee141775d15a
ImpHash
78473387de4da5e8cee3c8839fd77a10

Security Engines with Detections (56 of 72)

Bkav
W32.AIDetectMalware Malicious
Lionic
Trojan.Win32.Injuke.16!c Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Gen:Variant.Zusy.546236 Malicious
FireEye
Gen:Variant.Zusy.546236 Malicious
CAT-QuickHeal
Trojan.Ghanarava.17205557556b5683 Malicious
Skyhigh
BehavesLike.Win32.Fareit.tc Malicious
McAfee
Artemis!FEB3B3A16DAF Malicious
Cylance
Unsafe Malicious
Zillya
Trojan.GenKryptik.Win32.619803 Malicious
Sangfor
Trojan.Win32.Save.a Malicious
CrowdStrike
win/malicious_confidence_100% (W) Malicious
Alibaba
Trojan:Win32/Injuke.ed009417 Malicious
K7GW
Trojan ( 005b4d281 ) Malicious
K7AntiVirus
Trojan ( 005b4d281 ) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Win32/Injector.ETRY Malicious
APEX
Malicious Malicious
Paloalto
generic.ml Malicious
Kaspersky
HEUR:Trojan.Win32.Injuke.gen Malicious
BitDefender
Gen:Variant.Zusy.546236 Malicious
NANO-Antivirus
Trojan.Win32.Steam.kmcboh Malicious
Avast
Win32:PWSX-gen [Trj] Malicious
Tencent
Malware.Win32.Gencirc.11bf7c2a Malicious
Emsisoft
Gen:Variant.Zusy.546236 (B) Malicious
F-Secure
Trojan.TR/AVI.vidar.nbtos Malicious
DrWeb
Trojan.PWS.Steam.37322 Malicious
VIPRE
Gen:Variant.Zusy.546236 Malicious
McAfeeD
ti!6FDF2CE83CB9 Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Trapmine
malicious.moderate.ml.score Malicious
Sophos
Mal/Generic-S Malicious
Ikarus
Trojan.Win32.Remcos Malicious
GData
Gen:Variant.Zusy.546236 Malicious
Google
Detected Malicious
Avira
TR/AVI.vidar.nbtos Malicious
Varist
W32/Delf.XP.gen!Eldorado Malicious
Antiy-AVL
Trojan/Win32.Injuke Malicious
Kingsoft
Win32.Trojan.Injuke.gen Malicious
Arcabit
Trojan.Zusy.D855BC Malicious
Microsoft
Trojan:Win32/FakeUpdate.AFU!MTB Malicious
Cynet
Malicious (score: 100) Malicious
AhnLab-V3
Trojan/Win.Generic.C5616351 Malicious
VBA32
TScope.Trojan.Delf Malicious
ALYac
Gen:Variant.Zusy.546236 Malicious
Malwarebytes
Spyware.PasswordStealer.DLF Malicious
Panda
Trj/Chgt.AD Malicious
TrendMicro-HouseCall
TROJ_GEN.R014H01K124 Malicious
Rising
Backdoor.Androm!8.113 (TFE:3:eMaZ7QYfXnK) Malicious
Yandex
Trojan.Injuke!esmFzWY/dKE Malicious
CTX
exe.trojan.injuke Malicious
huorong
Trojan/Injector.bnx Malicious
Fortinet
W32/GenKryptik.GLYS!tr Malicious
AVG
Win32:PWSX-gen [Trj] Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
Trojan:Win/Injuke.gyf Malicious
16 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: de72e3bb9ead76ddb24796b3302d8028
Fuzzy: 6143d5925fcaea958cb86743ee1c1e96
dHash: 3c64ccfcecf8e8ec
Image Base 0x00400000
Entry Point 0x00477804
Compilation Time 1992-06-19 22:22:17
Checksum 0x00000000 (Actual: 0x001d5d81)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 8 libraries
kernel32, user32, advapi32, oleaut32, version, gdi32, ole32, comctl32
Exports 0 functions
Resources 67 Resources
Sections 8 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
CODE 0x00001000 485,484 bytes 485,888 bytes 6.54 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ BD98695F4F0055F39296B7415D1B0191
DATA 0x00078000 7,868 bytes 8,192 bytes 4.57 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5BA75B4114E7B868465ED6637EE64860
BSS 0x0007a000 3,705 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x0007b000 8,998 bytes 9,216 bytes 4.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1E1E277072EF4C096A6B5A4676355107
.tls 0x0007e000 20 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rdata 0x0007f000 24 bytes 512 bytes 0.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 78B552F94E72C3AF7B8E5A45C0221CA7
.reloc 0x00080000 34,596 bytes 34,816 bytes 6.64 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ DA3D9A425A6D0BAD4FE88B7DE767C452
.rsrc 0x00089000 1,364,480 bytes 1,364,480 bytes 7.07 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ 32C6ED00B107FA212E7F209498622566
Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 67 (1,360,360 bytes)
Resource Type Count Total Size Percentage
RT_CURSOR 8 2,464 bytes
0.2%
RT_BITMAP 22 7,196 bytes
0.5%
RT_ICON 1 67,624 bytes
5%
RT_DIALOG 1 82 bytes
0%
RT_STRING 22 14,608 bytes
1.1%
RT_RCDATA 4 1,268,206 bytes
93.2%
RT_GROUP_CURSOR 8 160 bytes
0%
RT_GROUP_ICON 1 20 bytes
0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
56 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware