qvodsetup_tom365.exe

QvodSetup

Shenzhen Qvod Technology Co.,Ltd

The executable qvodsetup_tom365.exe has been detected as malware by 10 anti-virus scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.1155.com.
Remove qvodsetup_tom365.exe - Powered by Reason Core Security
Publisher:
Shenzhen Qvod Technology Co.,Ltd

Product:
QvodSetup

Version:
3.5.0.64

MD5:
6b2c44908b3c666e8f4f22adccb8e5db

SHA-1:
d7808abb8ac3ef1b2c9db9b1a6287f5e8616ea3a

SHA-256:
4a28fad98eb7190ab039d971535ec37f6b61de8bed2546b355b4bc27556900b3

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/10/2016 11:26:53 PM UTC

Scan engine           Detection                                       Engine version
AVG                   Generic4                                        2015.0.3448
Bkav FE               W32.Clod53a.Trojan                              1.3.0.4959
Clam AntiVirus        Win.Trojan.5869679                              0.98/213
Commtouch SDK         W32/Blocker-based!Maximus                       5.4.1.7
F-Prot                W32/Blocker-based                               v6.4.7.1.166
McAfee                Artemis!6B2C44908B3C                            5600.7104
McAfee Web Gateway    Heuristic.BehavesLike.Win32.Suspicious-PKR.O    7.7104
Norman                Suspicious_Gen4.AJVNW                           11.20140610
Rising Antivirus      PE:Trojan.Win32.Generic.12B6C827!313968679      23.00.65.14608
VIPRE Antivirus       Trojan.Win32.Generic                            29750

File size:
2.6 MB (2,775,145 bytes)

Copyright:
Copyright(C) 2006-2011 QVOD

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\qvodsetup_tom365.exe

File PE Metadata
Compilation timestamp:
10/18/2009 11:05:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:krekaT/pVTwF4QaX7+2d5oJIRA6NNbys/lik3CgUZ6DtP8EA:69aTTHL+2zou1xyQlj3jW6DtkEA

Entry address:
0x36F8

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 80, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, AB, 2F, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, A8, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 08, A8, 40, 00, 68, 00, 5B, 42, 00, E8, 87, 2A, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, 75, 2A, 00, 00...

Entropy:
7.9927

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file qvodsetup_tom365.exe has been seen being distributed from the following URL.

http://www.1155.com/tg/.../QvodSetup_tom365.exe
