setup.exe

IJPLMINST

The executable setup.exe, “Inkjet Printer/Scanner/Fax Extended Survey Program Installer”, has been detected as malware by 13 anti-virus scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. It is the uninstaller utility registered in the Windows Control Panel for the program Canon Inkjet Printer/Scanner/Fax Extended Survey Program by Canon Inc. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
Product:
IJPLMINST

Description:
Inkjet Printer/Scanner/Fax Extended Survey Program Installer

Version:
4.2.0.0

MD5:
fee073c07c9374ed1e9298f76dd925e3

SHA-1:
2fed4b446b6e3cb54c0743bd7d1c38926409cd3e

SHA-256:
97a084a3c560283994fb9ac0cc6747b4ea81e3246edee4b7defbb817b84ac298

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/5/2024 2:00:03 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160209-2
AVG | Win32/Sality | 2015.0.4522
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.15.21
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.6222.0
Norman | Win32.Sality.3 | 03.02.2016 10:30:35
Sophos | Virus 'Mal/Sality-D' | 5.23
VIPRE Antivirus | Threat.4721115 | 47068

File size:
168.1 KB (172,168 bytes)

Product version:
4.2.0.0

Copyright:
Copyright CANON INC. 2006-2013

Original file name:
IJPLMINST.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\canon\ijplm\setup.exe

File PE Metadata
Compilation timestamp:
6/28/2013 1:27:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:zH31L9o/dvuGtbrJyKpR95NaHqtgfvmuovkkehRpXqed+UZTz0I6Q:T31L9oFGGtb163roB4RpXqCnl6Q

Entry address:
0x1860

Entry point:
12, D9, 81, FF, C6, E6, 00, 00, 76, 02, 87, D8, 85, C3, 76, 0E, 8D, 1D, 14, 47, FB, 78, 85, F6, 8D, 1D, F6, 11, 1B, EE, BD, 0C, CD, 98, D8, 8D, 35, 8E, 04, 6F, AA, 69, D8, 05, 79, 72, 12, 81, F9, 7B, F5, 00, 00, 86, EE, F7, C0, 3A, 52, B0, 17, 0F, AF, DE, 89, C5, 83, E7, 00, 47, 8B, D8, 12, E3, 80, F3, 99, 48, 0B, C6, 1C, FD, 81, F9, C4, 4E, 00, 00, 71, 08, 29, C2, 69, D6, 7A, 70, 8C, C5, 81, FF, 3B, 05, 00, 00, 0F, 8C, D7, FF, FF, FF, F2, 51, 53, 29, CE, B9, 1B, 29, B4, 16, 88, C6, E8, 14, 00, 00, 00, B9...

Entropy:
7.3003

Code size:
39 KB (39,936 bytes)

Program Uninstaller
Program name:
Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Display publisher:
Canon Inc.

Display version:
4.2.0

Uninstall string:
C:\Program Files\Canon\IJPLM\SETUP.EXE -R
