setup.exe

baidu

Jiajie Yin

The application setup.exe, “baidu Setup” by Jiajie Yin, has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is typically executed from the user's temporary directory.
Publisher:
Jiajie Yin  (signed and verified)

Product:
baidu

Description:
baidu Setup

MD5:
2ed8d57dce318e4567c592900b4393ef

SHA-1:
0ebc6d6113746e94583f1c4417e66c5ad21f98ee

SHA-256:
fd7661a1ceffa14902ff61f147b940e03c7b337184b98fd30d28bbba9555cdca

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/25/2024 11:05:21 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2040541
353

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
TR/achs.vlo
7.11.213.54

avast!
Win32:Malware-gen
2014.9-160217

AVG
Jiajie
2017.0.2831

Baidu Antivirus
PUA.Win32.HideBaid
4.0.3.16217

Bitdefender
Trojan.GenericKD.2040541
1.0.20.240

Dr.Web
Trojan.Baidu.36
9.0.1.048

Emsisoft Anti-Malware
Trojan.GenericKD.2040541
8.16.02.17.04

ESET NOD32
Win32/HideBaid.A potentially unwanted
10.11258

Fortinet FortiGate
Riskware/HideBaid
2/17/2016

F-Secure
Trojan.GenericKD.2040541
11.2016-17-02_4

G Data
Trojan.GenericKD.2040541
16.2.25

IKARUS anti.virus
PUA.HideBaid
t3scan.1.8.6.0

McAfee
Artemis!41C345486F33
5600.6487

MicroWorld eScan
Trojan.GenericKD.2040541
17.0.0.144

NANO AntiVirus
Trojan.Win32.Generic.czzyay
0.30.0.296

nProtect
Trojan.GenericKD.2040541
15.03.02.01

Reason Heuristics
PUP.JiajieYin.Installer (M)
16.2.17.4

Sophos
Generic PUA HE
4.98

Trend Micro House Call
ADW_HIDEBAID
7.2.48

Trend Micro
ADW_HIDEBAID
10.465.17

VIPRE Antivirus
Trojan.Win32.Generic
38062

File size:
565.5 KB (579,032 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\setup.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/14/2014 6:46:39 PM

Valid to:
5/15/2015 6:46:39 PM

Subject:
CN=Jiajie Yin, E=cpa.baidu@gmail.com, L=桂林市, S=广西壮族自治区, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3F13D1662B5F2172EF525E77D131CC4E

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:iQiGW5wxeWZTFKBGBhCeEqh4eFBkMwt8Rl7q3C8pJtM:iQiHuxRTIU+nqhtBj8Gl7uM

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)