The Setup exe File Malware Analysis
Gridinsoft Logo
File Icon

The Setup.exe File Analysis

Updated 4 days ago
Checked by Malware Check
Setup.exe

Technical Analysis

File Name Setup.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
24576:/PkGG2nASZeQVZVQFEVh+KtZukXcWiIElaOrocN:nB2Y7VZHVhlTMpIELrocN
Scanner Version 1.0.223.174
Database Version 2025-08-29 23:00:46 UTC

Suspicious File Detected

Detected by 18 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
25%
Detection Rate
1,135,366
File Size (bytes)
18/72
Engines Detected
2025-08-29
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
63020d6191fb3798806b49299c2e0e30
SHA1
59b3f796ce99f85c4e809417e6ccbd3d83a89506
SHA256
7278b17862045e23ff94e4aaf7ecfd01f6a77cef9834ea7e9c06bcf3ed4ed397
SHA512
2057a451ad7306787d1aa6d03926c6ed0c51edf2051e1f219c2cce0639c1dfad8bb536d3f33b58072b8a2455824646f4a30da4fa7bf87af8ee89adcc12c25c6b
ImpHash
32f3282581436269b3a75b6675fe3e08

Security Engines with Detections (18 of 72)

Elastic
malicious (high confidence) Malicious
Skyhigh
BehavesLike.Win32.Generic.tc Malicious
Cylance
Unsafe Malicious
CrowdStrike
win/grayware_confidence_60% (D) Malicious
huorong
Trojan/Runner.dr Malicious
VirIT
Trojan.Win32.Genus.YIP Malicious
Symantec
Scr.NSISHeur!gen2 Malicious
ESET-NOD32
a variant of NSIS/Runner.RT Malicious
APEX
Malicious Malicious
Rising
Trojan.Runner/NSIS!1.13037 (CLASSIC) Malicious
McAfeeD
ti!7278B1786204 Malicious
Sophos
Generic ML PUA (PUA) Malicious
Ikarus
Trojan.NSIS.Runner Malicious
Google
Detected Malicious
Cynet
Malicious (score: 100) Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Fortinet
NSIS/Backdoor.RW!tr Malicious
DeepInstinct
MALICIOUS Malicious
54 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 344093feed2c78f5b06e484fa71ad424
Fuzzy: db53cbc2ee7c623398718c4269563668
dHash: ae9cecd4d4f4a49a
Image Base 0x00400000
Entry Point 0x00403a10
Compilation Time 2011-04-10 23:29:32
Checksum 0x00000000 (Actual: 0x001215ea)
OS Version 5.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 8 libraries
KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32, VERSION
Exports 0 functions
Resources 8 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 29,680 bytes 29,696 bytes 6.55 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ CE0E77CB791AA224B69300023FAA0F91
.rdata 0x00009000 11,166 bytes 11,264 bytes 4.51 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 61CBDA0A4E2FE2415911415002F10E26
.data 0x0000c000 469,916 bytes 512 bytes 1.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 371877449827DA63665D3FEE24DD4A2E
.ndata 0x0007f000 692,224 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00128000 33,584 bytes 33,792 bytes 6.72 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D2F05FC7707A1E6C9610FA319A0E34F3
.reloc 0x00131000 4,148 bytes 4,608 bytes 6.74 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ C3163F55F4C306E138501CE00C3E6AA5
Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 8 (33,082 bytes)
Resource Type Count Total Size Percentage
RT_ICON 3 31,672 bytes
95.7%
RT_DIALOG 3 636 bytes
1.9%
RT_GROUP_ICON 1 48 bytes
0.1%
RT_MANIFEST 1 726 bytes
2.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
18 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware
An unexpected error occurred. Please try again later.