Reason Labs

amigo_setup.exe

[email protected]

LLC Mail.Ru

The executable amigo_setup.exe has been detected as malware named Threat.Generic.Variant.Installer.MailRu. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Version:
2.0.0.89

MD5:
dfa5ad3bf0e66315aa4f45746fd1adea

SHA-1:
1b37602bfe9e134ad7c96497208ab1ce7b828d7a

SHA-256:
a97a507935e30fee23ac94e818040bc6de862461396d7095979454c5027acbec

Detection:
Threat.Generic.Variant.Installer.MailRu

Risk:
Medium

Explanation:
This is the installer of a potentially unwanted program.

Analysis date:
12/15/2018 10:10:25 PM UTC  (today)

File size:
344.2 KB (352,488 bytes)

Product version:
2.0.0.89

Copyright:
Copyright 2015

Original file name:

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\amigo_setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/6/2015 6:00:00 AM

Valid to:
10/5/2017 5:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=moscow, S=Moscow, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
10F4D809B7AA340870993C0042347814

File PE Metadata
Compilation timestamp:
3/25/2016 2:43:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x11382

Entry point:
E8, 8B, CC, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 7C, 5F, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, D8, 45, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 7C, 5F, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6...
 
[+]

Characteristics:
0x258

Code size:
158.5 KB (162,304 bytes)

There are numerous known versions of amigo_setup.exe by Mail.Ru.

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (21ff48a2c9bff1f16d9565d3a3469f760fd21441)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (c186bcd2af715898916760323c2b056c7e7be887)

Threat.Generic.Variant.MailRu
amigo_setup.exe  2.0.0.174  (421bea120a0c0e89fe6ba7e558ab8d0043f11932)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (5d7d43b800f39986aff6ee36d941bc5819a6f07a)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (7f8fc5c50aeace0b89d1a2b01033aadd90402543)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (7e757060b1c05a6f4b9e89e2a26c0ae28b297b5a)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (760cb8e84ead2aa323228e7f3d607b0a23a9aeaa)

Threat.Generic.Variant.MailRu
amigo_setup.exe  2.0.0.174  (87f89786173acfe243ced353390590be428ad4ef)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (57a76ecb318f553ca971e9f5a8c846f5a0ed6451)

Threat.Generic.Variant.MailRu
amigo_setup.exe  2.0.0.174  (85b2d529b6af3b314e522ce2c94dee59bc024fc9)

Threat.Generic.Variant.MailRu
amigo_setup.exe  2.0.0.174  (3554f39baafb37601fa9a9fedac26b9ac68e4b79)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (e88c79f6dd3f27ae9d717755a89071ca65c1498f)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.174  (022eb24b6f6e8e6876a08f5739b365b73ea2c91f)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.110  (b67081d83e4162757a92fe4967b08fe583565280)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  2.0.0.89  (5d027979fb95af84d4b9fa76dbf3fdfd9fa20806)

PUP.Optional.Installer
amigo_adsetup_lp5portalnavch.exe  (830148b8b23064c62379f083bbb6d4893109f3c0)

Win32.Installer.Generic
amigo_dsetup_okmb04.exe  (5b45fb69718ee259b4a31cfef330403e86e8e248)

Win32.Installer.Generic
amigo_adsetup_lp5iesm.exe  (f94efc0acff9ade50a483f56cb53eb86a62d8cc9)

Win32.MailRu.Installer.Generic
amigo_adsetup_lmuopsy.exe  (1578a2a2fa87777693401bcd902e56be8ae1e4f4)

Win32.MailRu.Installer.Generic
amigo_adsetup_lrbie.exe  (f5e4cf1c7343c9326daded0a86a8e0d5683d31bb)

Threat.Generic.Variant.MailRu
amigo_setup.exe  (dc7404e968917d5f48edab5ee452509481deee4d)

Threat.Generic.Variant.MailRu
amigo_setup.exe  (b638a74d46686b324ef18e4ca162169d7927fc60)

Threat.Generic.Variant.MailRu
amigo_setup.exe  (2ea29df43118d8765ea04a0b6e42ed28cec52105)

Threat.Generic.Variant.MailRu
tmp0009bde9  (885b130f8068af026cfc8140da010648387f3dda)

Threat.Generic.Variant.MailRu
tmp00001745  (174b5b1e9a8a093c576acea84a8b73ee686dd96e)

Threat.Generic.Variant.MailRu
ule45bgo.exe  (6c231569af64a1ad60b1d12286f2227977fe92c4)

Threat.Generic.Variant.MailRu
ay5+y_tw.exe  (a523dca290a6c7a4a4aa22b85e0c76bbefb67a82)

Threat.Generic.Variant.Installer.MailRu
amigo_setup.exe  (ee0ea661a363b434735cb206a43c962e26730011)

Threat.Generic.Variant.MailRu
launcher.exe  (41fa5ee8a4d17b8a8382b829a124bc68f0cbe968)

Download Reason Core Security - Powerful anti-malware software