Gridinsoft Logo
File Icon

Set-up.exe Trojan Agent Analysis

Updated 3 months ago
Checked by Malaware Check
Set-up.exe

Technical Analysis

File Name Set-up.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.210.174
Database Version 2025-03-06 16:00:41 UTC

Trojan.Win32.Agent.oa!s1

Malware family: Agent

Trojan Agent malware disguises itself as legitimate software while performing unauthorized activities including data theft and providing remote system access to threat actors.
N/A
Detection Rate
7,630,336
File Size (bytes)
2025-03-06
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
c7c4651db0438e0f78eb6b8545b51a81
SHA1
9030c042d03d6bc1b46147415ca4884db64a42c5
SHA256
c3cb7c05b25c43169fe69ed637d8ef4383d319eb9b44817bb686da2753854cfa
SHA512
fc99495d4a7c4ad8c1b31665cd622d3a2b06618fee3f09e104ea9540a64f06d9e008dbc19425b5db534753906c6df2cc3cba597f34e1d942c3586e73edf9e633
ImpHash
337783faf868eb54d41c823f63ce0359

PE Analysis

Basic Information

Icon
Hash: 95842ccf043229c8168d691fe160a4cd
Fuzzy: e3499db9b20bf43daacca194728d3e7c
dHash: 13699696aa8ad021
Image Base 0x00400000
Entry Point 0x006d147a
Compilation Time 2020-09-16 08:44:19
Checksum 0x00753cee (Actual: 0x00753cee)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path Set-up.pdb
Digital Signature No valid SignedData structure was found.
Imports 13 libraries
Exports 0 functions
Resources 67 Resources
Sections 5 Sections

Version Information

CompanyName Adobe Inc.
FileDescription Adobe Installer
FileVersion 6.5.0.348
InternalName Adobe Installer
LegalCopyright © 2020-2025 Adobe. All rights reserved.
OriginalFilename Adobe Installer
ProductName Adobe Installer
ProductVersion 6.5.0.348
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 3,613,568 bytes 3,613,696 bytes 6.56 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0A836D19BD8DAB940582E064A34E1C03
.rdata 0x00374000 928,648 bytes 928,768 bytes 5.28 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 44FD260F3F561536819AFABBCF9951DA
.data 0x00457000 164,084 bytes 138,240 bytes 2.63 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE A4655420DE09F96153C77CB4B4556F40
.rsrc 0x00480000 2,745,427 bytes 2,745,856 bytes 5.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6F08660898F50B8749AEB477628F9754
.reloc 0x0071f000 202,312 bytes 202,752 bytes 6.66 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5B1923C78768674AA063D7EF11EDC3D8
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 67 (2,741,785 bytes)
Resource Type Count Total Size Percentage
CSS 4 755,618 bytes
27.6%
DICTIONARY 21 1,560,534 bytes
56.9%
GIF 3 78,183 bytes
2.9%
JS 6 212,410 bytes
7.7%
PNG 18 25,717 bytes
0.9%
SVG 4 2,598 bytes
0.1%
RT_ICON 6 87,796 bytes
3.2%
RT_GROUP_ICON 1 90 bytes
0%
RT_VERSION 1 772 bytes
0%
RT_HTML 2 16,000 bytes
0.6%
RT_MANIFEST 1 2,067 bytes
0.1%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.Agent.oa!s1 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.Agent.oa!s1 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware