citriosetup.exe

CatalinaGroup Update

Catalina Group Limited

The application citriosetup.exe, “CatalinaGroup Update Setup” by Catalina Group Limited, has been detected as a potentially unwanted program by 24 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from catalinahub.com.
Publisher:
Catalina Group Ltd. (signed by Catalina Group Limited)

Product:
CatalinaGroup Update

Description:
CatalinaGroup Update Setup

Version:
1.3.25.203

MD5:
c05f844393cc387ff329dc2530a6635a

SHA-1:
9f5fd2fbccb7f9bed92b6152d5e9e0544dc2756b

SHA-256:
f30407f803c2f61e331ed515727ae7fca3353c80f0317dd90e3336f559bc08f7

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 10:28:16 AM UTC

Scan engine            | Detection                                | Engine version
-----------------------|------------------------------------------|-----------------
Lavasoft Ad-Aware      | Trojan.Generic.12187150                  | 372
Agnitum Outpost        | Trojan.DownLoad                          | 7.1.1
AhnLab V3 Security     | PUP/Win32.Downloader                     | 16.01.29
Avira AntiVirus        | TR/Trash.Gen                             | 7.11.30.172
avast!                 | Win32:Malware-gen                        | 2014.9-160129
AVG                    | Generic                                  | 2017.0.2850
Baidu Antivirus        | PUA.Win32.4Shared                        | 4.0.3.16129
Bitdefender            | Trojan.Generic.12187150                  | 1.0.20.145
Clam AntiVirus         | Win.Trojan.12187150                      | 0.98/19788
Comodo Security        | Application.Win32.Maxiget.DWCP           | 20372
Dr.Web                 | Adware.Downware.1751                     | 9.0.1.029
Emsisoft Anti-Malware  | Trojan.Generic.12187150                  | 8.16.01.29.11
F-Prot                 | W32/A-ccd4d538                           | v6.4.7.1.166
F-Secure               | Trojan.Generic.12187150                  | 11.2016-29-01_6
G Data                 | Trojan.Generic.12187150                  | 16.1.24
IKARUS anti.virus      | Trojan.Agent                             | t3scan.1.8.5.0
McAfee                 | Artemis!612C55BF3A55                     | 5600.6506
MicroWorld eScan       | Trojan.Generic.12187150                  | 17.0.0.87
Norman                 | Trojan.Generic.12187150                  | 11.20160129
nProtect               | Trojan.Generic.12187150                  | 14.12.12.01
Reason Heuristics      | PUP.Catalina.CatalinaGroup.Installer (M) | 16.1.29.11
Sophos                 | PUA '4Share Downloader'                  | 58
Trend Micro House Call | TROJ_GEN.F47V1119                        | 7.2.29
VIPRE Antivirus        | Threat.4150696                           | 32210

File size:
623.7 KB (638,624 bytes)

Product version:
1.3.25.203

Copyright:
Copyright 2013 Catalina Group Ltd.

Original file name:
CatalinaUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\citriosetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/16/2013 12:34:08 PM

Valid to:
9/27/2016 3:56:54 AM

Subject:
CN=Catalina Group Limited, O=Catalina Group Limited, L=Kwun Tong, S=Hong Kong, C=HK

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B8F32520620F6

File PE Metadata
Compilation timestamp:
9/6/2013 10:39:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:TNRfFqyD2WlTE8GCHzjYFCI9pzcTpYt5Vy8ycnLtA+0L:TNRPV28tj8CQd7tfUcnLex

Entry address:
0x480E

Code size:
46.5 KB (47,616 bytes)

The file citriosetup.exe has been seen being distributed by the following URL.

Remove citriosetup.exe - Powered by Reason Core Security