home

setup.exe

Nanning weiwu Technology co.,ltd.

The application setup.exe by Nanning weiwu Technology co.,ltd has been detected as adware by 31 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.downrapid.com and multiple other hosts.
Publisher:
Nanning weiwu Technology co.,ltd.  (signed and verified)

MD5:
380d806712e9d3e1993effdb8e1d008d

SHA-1:
b5d2773db3134465383cf18e48f8edcf98fd0536

SHA-256:
12ab7e49e824743b201acfcb7233610567575444ccfd19b443c2003568b81b3f

Scanner detections:
31 / 68

Status:
Adware

Analysis date:
5/12/2024 6:59:54 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.BV
848

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.176.70

avast!
Win32:Malware-gen
2014.9-141009

AVG
Generic
2015.0.3326

Bitdefender
Application.Bundler.BV
1.0.20.1410

Clam AntiVirus
Win.Trojan.Application-507
0.98/19490

Comodo Security
Application.Win32.VOPackage.AGEE
19244

Dr.Web
Trojan.DownLoader11.24441
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.BV
14.10.09

ESET NOD32
Win32/SquareNet.C potentially unwanted application
7.0.302.0

F-Prot
W32/A-f5b31e60
v6.4.7.1.166

F-Secure
Application.Bundler.BV
11.2014-09-10_5

G Data
Application.Bundler.BV
14.10.24

IKARUS anti.virus
PUA.SquareNet
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13086

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.Bundler
v2014.10.09.03

McAfee
Trojan.Artemis!AB32EF2E1BB8
5600.6982

Microsoft Security Essentials
Threat.Undefined
1.179.3332.0

MicroWorld eScan
Application.Bundler.BV
15.0.0.846

NANO AntiVirus
Trojan.Win32.DownLoader11.ddwmsg
0.28.2.61721

nProtect
Trojan-Clicker/W32.Agent.300920
14.10.02.01

Panda Antivirus
Trj/Genetic.gen
14.10.09.03

Reason Heuristics
PUP.Installer.NanningweiwuTechnologycoltd.F
14.10.9.15

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
PUP.SquareNet
10310

Total Defense
Win32/Tnega.YYZPCZB
37.0.11209

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Backdoor.PePatch.Win32.39632
2.0.0.1941

File size:
293.9 KB (300,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Nanning weiwu Technology co.,ltd.

Authority:
VeriSign, Inc.

Valid from:
7/21/2014 8:00:00 PM

Valid to:
7/22/2015 7:59:59 PM

Subject:
CN="Nanning weiwu Technology co.,ltd.", O="Nanning weiwu Technology co.,ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00EE7D6082BD217E6FBABE223E889CE1

File PE Metadata
Compilation timestamp:
8/12/2014 4:19:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:IJfkJRqZJmR7/suqDDfEoRk4ZVL15xUo3PKpQo:IZkKg7/suqPEoRk4zJ5xU+Fo

Entry address:
0x208BB

Entry point:
E8, 28, A1, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 15, 30, 51, 43, 00, 85, C0, 75, 08, FF, 15, AC, 50, 43, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, 96, 19, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 20, E8, 4E, 19, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 2F, F1, FF, FF, 83, C4, 14, 83, C8, FF, E9, 66, 01, 00, 00, 57, E8, E7, 90, 00, 00, 39, 5F, 04, 59, 89, 45, FC, 7D, 03, 89, 5F, 04, 6A...
 
[+]

Entropy:
6.5001

Code size:
208 KB (212,992 bytes)

The file setup.exe has been seen being distributed by the following 3 URLs.

http://www.downrapid.com/node/.../loader.exe

http://www.downswift.com/entry/.../index.html?offer_id=16526&aff_id=11156&transaction_id=bb072689-bff3-4c0f-ae4b-1f29aeb3560f

http://www.yupdownload.com/trace?offer_id=16526&aff_id=11156

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.