» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Nanning weiwu Technology co.,ltd.

The application setup.exe by Nanning weiwu Technology co.,ltd has been detected as adware by 14 anti-malware scanners. The file has been seen being downloaded from www.trackcash.org.

File name:

setup.exe

Publisher:

Nanning weiwu Technology co.,ltd. (signed and verified)

MD5:

d587ac11f46dd990ff81a255f138cbbc

SHA-1:

8411b10f85c6721fe505e105f492be0e93ab8b29

SHA-256:

8a9abcb84f1683130bb1363e38e3e85a37df27dbe98a6b400aa5b0208510d8a1

Scanner detections:

14 / 68

Status:

Adware

Analysis date:

4/16/2024 8:20:03 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

avast!

Win32:Malware-gen

2014.9-141031

AVG

Generic

2015.0.3305

Comodo Security

Application.Win32.VOPackage.AGEE

19215

Dr.Web

Trojan.DownLoader11.24441

9.0.1.0304

ESET NOD32

Win32/SquareNet.C potentially unwanted application

8.7.0.302.0

herdProtect (fuzzy)

variant of setup (11).exe (Adware)

2014.10.31.10

IKARUS anti.virus

PUA.SquareNet

t3scan.1.7.5.0

McAfee

Trojan.Artemis!D587AC11F46D

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.179.3144.0

Panda Antivirus

Trj/Genetic.gen

14.08.14.11

Reason Heuristics

PUP.Installer.NanningweiwuTechnologycoltd.F

14.8.14.19

Sophos

Square Network Installer

4.98

VIPRE Antivirus

Threat.4150696

32210

File size:

293.9 KB (300,920 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Nanning weiwu Technology co.,ltd.

Authority:

VeriSign, Inc.

Valid from:

7/21/2014 5:00:00 PM

Valid to:

7/22/2015 4:59:59 PM

Subject:

CN="Nanning weiwu Technology co.,ltd.", O="Nanning weiwu Technology co.,ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

00EE7D6082BD217E6FBABE223E889CE1

File PE Metadata

Compilation timestamp:

8/12/2014 1:19:00 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:IJfkJRqZJmR7/suqDDfEoRk4ZVL15xUo3PKpQQ:IZkKg7/suqPEoRk4zJ5xU+FQ

Entry address:

0x208BB

Entry point:

E8, 28, A1, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 15, 30, 51, 43, 00, 85, C0, 75, 08, FF, 15, AC, 50, 43, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, 96, 19, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 20, E8, 4E, 19, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 2F, F1, FF, FF, 83, C4, 14, 83, C8, FF, E9, 66, 01, 00, 00, 57, E8, E7, 90, 00, 00, 39, 5F, 04, 59, 89, 45, FC, 7D, 03, 89, 5F, 04, 6A... 
[+]

Entropy:

6.5002

Code size:

208 KB (212,992 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://www.trackcash.org/entry/.../index.html?offer_id=13232&aff_id=13166&transaction_id=34b7c1dd-e065-4992-bdbe-f1c43e0b0af4

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.