Setup.exe

InstallShield

Acresso Software Inc.

The executable Setup.exe has been detected as malware by 36 anti-virus scanners. The program is a setup application that uses the InstallShield Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program Realtek Ethernet Controller Driver For Windows Vista and Later by Realtek. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Acresso Software Inc.

Product:
InstallShield

Description:
Setup.exe

Version:
15.0.498

MD5:
23761656cd77ccffd333e26a41dfee1b

SHA-1:
34da3b4642893b4c073f5631f92140aa06f3e353

SHA-256:
287e2cd1a604555601f250caac64a5276a476d22c3d5ab11871c4273e0954009

Scanner detections:
36 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 10:22:37 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 6764508
Agnitum Outpost | Win32.Sality.BL | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2015.03.11
Avira AntiVirus | W32/Sality.AT | 7.11.215.230
avast! | Win32:SaliCode | 150303-0
AVG | Win32/Sality | 2014.0.4253
Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.1536
Bitdefender | Win32.Sality.3 | 1.0.20.325
Bkav FE | W32.Sality.PE | 1.3.0.6379
Comodo Security | Virus.Win32.Sality.gen | 21311
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799
ESET NOD32 | Win32/Sality.NBA | 9.11298
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.13.68
G Data | Win32.Sality | 15.3.25
IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.8.6.0
K7 AntiVirus | Virus | 13.200.15179
Kaspersky | Virus.Win32.Sality | 15.0.0.543
McAfee | Virus.W32/Sality.gen.z | 16.8.708.2
Microsoft Security Essentials | Threat.Undefined | 1.193.1548.0
MicroWorld eScan | Win32.Sality.3 | 16.0.0.195
NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.0.296
Norman | Win32.Sality.3 | 03.12.2014 13:20:04
nProtect | Virus/W32.Sality.D | 15.03.06.01
Panda Antivirus | W32/Sality.AA | 15.03.06.07
Quick Heal | W32.Sality.U | 3.15.14.00
Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15304
Sophos | Virus 'Mal/Sality-D' | 5.11
Total Defense | Win32/Sality.AA | 37.0.11479
Trend Micro House Call | PE_SALITY.RL | 7.2.65
Trend Micro | PE_SALITY.RL | 10.465.06
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3
VIPRE Antivirus | Threat.4721115 | 37788
ViRobot | Win32.Sality.N[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2089

File size:
457.4 KB (468,400 bytes)

Product version:
15.0

Copyright:
Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\Program Files\installshield installation information\{8833ffb6-5b0c-4764-81aa-06dfeed9a476}\setup.exe

File PE Metadata

Compilation timestamp:
5/10/2008 5:39:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:JGWK9s2n1sDERSUknwoD6AaeICSj7kEoed0PFn0wccccccccoNH399bHKWXwlpTr:J9ysVnKt7oUrNXnjKiwlpTr

Entry address:
0x21EE4

Entry point:
F3, 69, FD, 3E, 99, 7E, C5, 87, D6, 74, 02, 21, EB, 81, E9, 40, 40, DC, F2, 0F, B6, DC, 34, EA, 49, 0F, AF, C5, 89, C7, 0F, BF, E8, 3B, D1, 0C, 0A, 87, EE, 0F, AF, D8, 8B, DA, F7, C5, EB, 98, F5, 73, 73, 02, 0A, F6, 68, 86, 70, 94, 00, 56, 0F, B7, CB, E8, 27, 00, 00, 00, 8B, EF, 8D, 35, B9, 27, F3, 5B, 18, E4, 71, 09, 69, F2, 0F, C7, 80, F2, F2, 86, CA, 86, ED, 8A, C5, C6, C4, 29, 33, DF, 71, 07, 80, F5, 16, 48, 0F, BF, D0, 8A, F2, 1A, C4, B4, D7, BE, 8D, 23, E7, 6A, 10, CB, 21, D2, 0F, BF, F8, 3B, CE, 58...

Code size:
288 KB (294,912 bytes)

Program Uninstaller

Program name:
Realtek Ethernet Controller Driver For Windows Vista and Later

Display publisher:
Realtek

Display version:
1.00.0009

Uninstall string:
C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -removeonly
