Setup.exe

百度音乐2014

Baidu (China) Co., Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from music.baidu.com and multiple other hosts.
Publisher:
百度  (signed by Baidu (China) Co., Ltd.)

Product:
百度音乐2014

Description:
Baidu Music installer

Version:
9.1.5.3

MD5:
301551f9814def3853fe942f7afae3c7

SHA-1:
1c6b2ab17bbf7cd2155263efe97ab218860c9c5c

SHA-256:
105b917394ad599a284e47e2dc15d3fce570ad6bff6eb06481ad380e07b3c589

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 8:18:26 PM UTC

Scan engine:
Vba32 AntiVirus

Detection:
Signed-Adware.Hao123.BaiduChinaCo

Engine version:
3.12.26.3

File size:
8.8 MB (9,220,760 bytes)

Product version:
9.1.5.3

Copyright:
Copyright (C) 2014 Baidu Inc. All rights reserved.

Original file name:
BaiduMusic.exe

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/22/2012 4:18:27 AM

Valid to:
2/22/2015 4:18:27 AM

Subject:
CN="Baidu (China) Co., Ltd.", O="Baidu (China) Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DF7675AAA08D1B49A83A480F14855D24

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:rcO9JnDAL8QRHwAmwb114IDk318xb/vDmxV2gTlP7eG:rcO9tFCQAb1lDqeF/S7P

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9714

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file Setup.exe has been seen being distributed by the following 3 URLs.

http://music.baidu.com/pc/.../BaiduMusic-12345644.exe

http://210.6.198.20/.../BaiduMusic-12345617.exe
