home

setup.exe

Age of Wulin

SuZhou Snail Electronic Co., Ltd

The program is a setup application that uses the InstallShield Setup installer. This is the uninstaller utility registered in the Windows Control Panel for the program Age of Wulin by gPotato. This is installed with Age of Wulin. The file has been seen being downloaded from d64.newplaysite.com and multiple other hosts.
Publisher:
gPotato  (signed by SuZhou Snail Electronic Co., Ltd)

Product:
Age of Wulin

Description:
InstallScript Setup Launcher

Version:
0.0.1.011

MD5:
5c6eadc1be3088442ad9cdc4cd26abd9

SHA-1:
7355c34fac14e2ac5fcf8655dc6df9f72592cd08

SHA-256:
afa1820a9a3e6e5611bbfe481c50761fe2cdacab02b07ff8f3f90f945b81790a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 12:55:39 AM UTC  (today)

File size:
1 MB (1,078,912 bytes)

Product version:
0.0.1.011

Copyright:
Copyright (C) 2010 Flexera Software, Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\windows\syswow64\setup.exe

Digital Signature
Signed by:
SuZhou Snail Electronic Co., Ltd

Authority:
Thawte, Inc.

Valid from:
1/24/2013 4:00:00 PM

Valid to:
4/26/2015 4:59:59 PM

Subject:
CN="SuZhou Snail Electronic Co., Ltd", OU=Technology Center, O="SuZhou Snail Electronic Co., Ltd", L=SuZhou, S=JiangSu, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09286F8F044AC76F7F9C2F09DDF25B39

File PE Metadata
Compilation timestamp:
10/5/2010 1:39:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:NXQQXlKsrM6VKYMNPFqjOipJbk938F3qukwD0QDKZCffbOu18g:KQVKsrByA6kJbcMQD/QVXZ18g

Entry address:
0x3D90D

Entry point:
55, 8B, EC, 6A, FF, 68, A8, 75, 46, 00, 68, 38, F0, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 8C, 63, 46, 00, 33, D2, 8A, D4, 89, 15, 44, D7, 47, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 40, D7, 47, 00, C1, E1, 08, 03, CA, 89, 0D, 3C, D7, 47, 00, C1, E8, 10, A3, 38, D7, 47, 00, 6A, 01, E8, 0E, 2A, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, 8F, 0F, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
6.1969

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
403.5 KB (413,184 bytes)

Program Uninstaller
Program name:
Age of Wulin

Display publisher:
gPotato

Display version:
0.0.1.011

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{A1CD76EB-30CA-45EE-9946-5FC20BA62012}\setup.exe" -runfromtemp -l0x0409 -removeonly


The file setup.exe has been discovered within the following program.

Age of Wulin  by gPotato
www.gpotato.com
About 3% of users remove it
 
Powered by Should I Remove It?

The file setup.exe has been seen being distributed by the following 5 URLs.

http://d64.newplaysite.com/download/bin/.../setup.exe

http://s6219.chomikuj.pl/File.aspx?e=c_X7_SsSdvBz3chlmK_CmoOUK8UBxr2XCPpf8BjtPHDJcgHcNoYidsT5hcoq4wP52z0e7tR1e-zEajg0QdoEK9rGofc8syqx1Tn0fSPON42EUd2nX_ufZ7LVzMM1gKHUjrE5Fc3EmzkNRklP3xN7Fg&pv=2

http://storebox3.info/.../?installer_file_name=setup&affiliate_id=1_exe

http://ngm.nexoneu.com/cbangm/NGM/.../Setup.exe

http://cdn.funcom.com/tsw/.../setup.exe

Scan setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.