» setup.exe
Overview
Analysis
File Details
Behaviors (1)

setup.exe

T357

XIAMEN CHANG HANG SOFTWARE TECHNOLOGY LIMITED.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘zReInstall’.

File name:

setup.exe

Publisher:

XIAMEN CHANG HANG SOFTWARE TECHNOLOGY CO., LTD. (signed by XIAMEN CHANG HANG SOFTWARE TECHNOLOGY LIMITED.)

Product:

T357

Description:

CHI Software series

Version:

6.5.3.515

MD5:

881392fbbb9a5ac17f6bb42dcd0b359c

SHA-1:

7937cb112da6d34fdbda5d978a4321981cf3d2a5

SHA-256:

f91ad8eecf44964d800edfa539a8855a748df491879d0f9a067c747ea7e3dcbd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 2:41:25 AM UTC (today)

File size:

933.3 KB (955,712 bytes)

Product version:

6.0.0.0

2001-2010

Trademarks:

CHIXM

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\tseriesadmin\setup.exe

Digital Signature

Signed by:

XIAMEN CHANG HANG SOFTWARE TECHNOLOGY LIMITED.

Authority:

WoSign, Inc.

Valid from:

5/29/2008 8:00:00 AM

Valid to:

5/30/2013 7:59:59 AM

Subject:

CN=XIAMEN CHANG HANG SOFTWARE TECHNOLOGY LIMITED., O=XIAMEN CHANG HANG SOFTWARE TECHNOLOGY LIMITED., STREET=厦门火炬高新区软件园2号4F, L=厦门, S=福建省, PostalCode=361005, C=CN

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

79DB84723CB358249B07A2EA2EFA40C1

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x9EE64

Entry point:

55, 8B, EC, 83, C4, F4, B8, 54, D6, 0A, 00, E8, 58, 25, F6, FF, E8, 9F, 95, FF, FF, A1, D4, 4A, 0B, 00, 8B, 00, E8, 4B, 27, F6, FF, 8B, 0D, 04, F3, 0A, 00, A1, D4, 4A, 0B, 00, 8B, 00, 8B, 15, 30, 50, 0A, 00, E8, 3B, 27, F6, FF, 8B, 0D, 74, F2, 0A, 00, A1, D4, 4A, 0B, 00, 8B, 00, 8B, 15, 90, 47, 02, 00, E8, 23, 27, F6, FF, A1, D4, 4A, 0B, 00, 8B, 00, E8, 1F, 27, F6, FF, E8, 42, 22, F6, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5257

Developed / compiled with:

Microsoft Visual C++

Code size:

632 KB (647,168 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

zReInstall

Command:

"C:\Program Files\tseriesadmin\setup.exe" \again \install

Scan setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.