setup.exe

baidu

Jiajie Yin

The application setup.exe, “baidu Setup” by Jiajie Yin, has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Inno Setup installer.

Publisher:
Jiajie Yin  (signed and verified)

Product:
baidu

Description:
baidu Setup

MD5:
2baa3cb2e1b6b1975122ad5e9842b9e6

SHA-1:
a2d52af126f1de4c70573a0d1ce5793dc8bdcc41

SHA-256:
d6e14bbc548d43b8aa2c7149cc255c83e74eebf6384394ed7e9a1e563341e57d

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/19/2024 5:51:36 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2040541 | 360 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/achs.vlo | 7.11.213.54 |
| avast! | Win32:Malware-gen | 2014.9-160209 |
| AVG | Jiajie | 2017.0.2838 |
| Baidu Antivirus | PUA.Win32.HideBaid | 4.0.3.1629 |
| Bitdefender | Trojan.GenericKD.2040541 | 1.0.20.200 |
| Dr.Web | Trojan.Baidu.36 | 9.0.1.040 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2040541 | 8.16.02.09.04 |
| ESET NOD32 | Win32/HideBaid.A potentially unwanted | 10.11258 |
| Fortinet FortiGate | Riskware/HideBaid | 2/9/2016 |
| F-Secure | Trojan.GenericKD.2040541 | 11.2016-09-02_3 |
| G Data | Trojan.GenericKD.2040541 | 16.2.25 |
| IKARUS anti.virus | PUA.HideBaid | t3scan.1.8.6.0 |
| McAfee | Artemis!41C345486F33 | 5600.6494 |
| MicroWorld eScan | Trojan.GenericKD.2040541 | 17.0.0.120 |
| NANO AntiVirus | Trojan.Win32.Generic.czzyay | 0.30.0.296 |
| nProtect | Trojan.GenericKD.2040541 | 15.03.02.01 |
| Reason Heuristics | PUP.JiajieYin.Installer (M) | 16.2.9.16 |
| Sophos | Generic PUA HE | 4.98 |
| Trend Micro House Call | ADW_HIDEBAID | 7.2.40 |
| Trend Micro | ADW_HIDEBAID | 10.465.09 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38062 |

File size:
576.2 KB (590,072 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\windows\setup.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/14/2014 12:46:39 PM

Valid to:
5/15/2015 12:46:39 PM

Subject:
CN=Jiajie Yin, E=cpa.baidu@gmail.com, L=桂林市, S=广西壮族自治区, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3F13D1662B5F2172EF525E77D131CC4E

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:NQiG0+E7Dj5fJBccpbIJkynQFF795QwKXQLRl7q3C8pJtC:NQi5+EXj5xBnIJkynQF795egNl7uC

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
