devsetup32.exe

DevSetup Application

The executable devsetup32.exe, “Huawei(R) DevSetup Version 1.0.2.5 for Windows 2K, XP, Vista, Win7.” has been detected as malware by 36 anti-virus scanners. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Product:
DevSetup Application

Description:
Huawei(R) DevSetup Version 1.0.2.5 for Windows 2K, XP, Vista, Win7.

Version:
1.0.2.5

MD5:
9ce8325188056f2cfb24b4940f73f48e

SHA-1:
878eac07809a5775f399f8fdd99bc193a29e4524

SHA-256:
6b6654b9e9c35a16f853e1a87eab8dd1534067fd3440c662530177aa8247d67f

Scanner detections:
36 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 4:50:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 1017 |
| Agnitum Outpost | Win32.Sality.BK | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 14.04.23 |
| Avira AntiVirus | W32/Sality.AT | 7.11.145.0 |
| avast! | Win32:Kukacka | 2014.9-140423 |
| AVG | Win32/Sality | 2015.0.3495 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.14423 |
| Bitdefender | Win32.Sality.3 | 1.0.20.565 |
| Bkav FE | W32.Sality.PE | 1.3.0.4959 |
| Comodo Security | Virus.Win32.Sality.Gen | 18155 |
| Dr.Web | Win32.Sector.21 | 9.0.1.0113 |
| Emsisoft Anti-Malware | Win32.Sality | 8.14.04.23.03 |
| ESET NOD32 | Win32/Sality.NBA | 8.9713 |
| F-Prot | W32/Sality.gen2 | v6.4.7.1.166 |
| F-Secure | Win32.Sality.3 | 11.2014-23-04_4 |
| G Data | Win32.Sality | 14.4.24 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.176.11861 |
| Kaspersky | Virus.Win32.Sality | 14.0.0.3972 |
| McAfee | W32/Sality.gen.z | 5600.7151 |
| Microsoft Security Essentials | Virus:Win32/Sality.AU | 1.10502 |
| MicroWorld eScan | Win32.Sality.3 | 15.0.0.339 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.28.0.59492 |
| Norman | Sality.ZHB | 11.20140423 |
| nProtect | Win32.Sality.3 | 14.04.23.01 |
| Panda Antivirus | W32/Sality.AA | 14.04.23.03 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 4.14.12.00 |
| Rising Antivirus | PE:Win32.KUKU.kq!1583244 | 23.00.65.14421 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.10894 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.113 |
| Trend Micro | PE_SALITY.RL | 10.465.23 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.0 |
| VIPRE Antivirus | Virus.Win32.Sality.at | 28542 |
| ViRobot | Win32.Sality.N | 2011.4.7.4223 |

File size:
349.9 KB (358,280 bytes)

Product version:
1.0.2.5

Copyright:
Copyright (C) Huawei Technologies Co., Ltd. 2004-2011. All rights reserved.

Original file name:
DevSetup.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mobile partner\driver\devsetup32.exe

File PE Metadata
Compilation timestamp:
8/17/2012 8:05:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:jqapOba+WwQsapin41BJ/4YxXPNgHszSF2NVTw/Wuj4DDSaX:j7pkCJ/bF4suF2NVERjEDSs

Entry address:
0x18F49

Entry point:
60, 71, 02, 03, FA, 53, 57, EB, 0F, 0F, AF, DF, C7, C6, 5F, EF, 55, 12, F7, C1, 27, 89, B9, BC, 89, C8, F7, C0, 8F, A9, 3D, 86, 40, FF, C2, EB, 08, 81, D2, 3C, 41, BE, 59, 87, CB, 2B, FA, B8, C1, 27, 02, 2E, 0F, AF, DE, 28, DC, 74, 05, 0F, B7, DB, 8A, F9, 0F, B6, FE, 0F, AF, EE, B0, BC, F6, C4, 9A, 86, E1, E8, 6A, 00, 00, 00, 8A, F0, 0F, BE, DB, FE, C6, 8B, FD, F3, 87, D7, C7, C3, 63, D6, AF, EA, 8A, CE, FF, C1, 89, F1, 88, F1, 1B, DA, 8D, 3D, 9D, A4, F1, FF, 80, DB, E9, FF, CB, 85, C2, 81, C7, 2A, 2C, 0F...
 

Entropy:
6.3929

Code size:
168 KB (172,032 bytes)
