setup provided through shanu.exe

Zeta Installer

LiveSoftAction SRL

This is the SIEN AppScion Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, that may be installed with minimal consent. The setup application "setup provided through shanu.exe" by LiveSoftAction SRL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer.
Publisher:
LiveSoft Action (signed by LiveSoftAction SRL)

Product:
Zeta Installer

Version:
9.20.1.2

MD5:
49e7ebd5c3a0f1bf5f70ba50fe1e9874

SHA-1:
b49df7dd150bc271da8a5eaccd90072368826c4e

SHA-256:
ff9263bf98bd2375ac72a957b26157994ccdeb091fd8d13db34ea05929fdfe41

Scanner detections:
20 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 11:29:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Jaiko.615 | 616 |
| AVG | GetNow | 2016.0.3094 |
| Baidu Antivirus | PUA.Win32.GetNow | 4.0.3.15529 |
| Bitdefender | Gen:Variant.Adware.Jaiko.615 | 1.0.20.745 |
| Comodo Security | Application.Win32.GetNow.DI | 22158 |
| Dr.Web | Adware.Iminent.25 | 9.0.1.0149 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Jaiko.615 | 8.15.05.29.01 |
| ESET NOD32 | Win32/GetNow.I potentially unwanted (variant) | 9.11642 |
| Fortinet FortiGate | W32/GetNow.I | 5/29/2015 |
| F-Secure | Gen:Variant.Adware.Jaiko | 11.2015-29-05_6 |
| G Data | Gen:Variant.Adware.Jaiko.615 | 15.5.25 |
| K7 AntiVirus | Adware | 13.204.15936 |
| McAfee | Artemis!49E7EBD5C3A0 | 5600.6750 |
| MicroWorld eScan | Gen:Variant.Adware.Jaiko.615 | 16.0.0.447 |
| Panda Antivirus | PUP/Multitoolbar | 15.05.29.01 |
| Qihoo 360 Security | HEUR/QVM11.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Sien.Bundler | 15.5.29.13 |
| Sophos | Live Soft Action | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H09EE15 | 7.2.149 |
| VIPRE Antivirus | LiveSoftAction | 40332 |

File size:
1.1 MB (1,184,632 bytes)

Product version:
9.20.1.2

Copyright:
(c) Live Soft Action. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup provided through shanu.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/3/2015 9:24:08 PM

Valid to:
3/3/2016 9:24:08 PM

Subject:
CN=LiveSoftAction SRL, O=LiveSoftAction SRL, L=Bucuresti, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112115C730891244FB88071FE814148E0E53

File PE Metadata
Compilation timestamp:
5/11/2015 6:33:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:rxB2qCTndgd24uu/wQmZptexrV2JAxNzpxgobHijZ8vLKxyeJyiO:rT2qCed24uomZbexcaxvxgozijsLK38

Entry address:
0x2DFCE0

Entry point:
60, BE, 00, 70, 5D, 00, 8D, BE, 00, A0, E2, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.9122

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
1 MB (1,085,440 bytes)

The file setup provided through shanu.exe has been observed being distributed from the following 2 URLs.

http://gg.gg/89f4

Remove setup provided through shanu.exe - Powered by Reason Core Security