setup.exe

The executable setup.exe has been detected as malware by 40 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Qualcomm Atheros WiFi Driver Installation by Qualcomm Atheros. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server.
MD5:
20a571241a9391079398dbb6b86a1e33

SHA-1:
c20922e446403186e17ce49e8490b3ba705798f1

SHA-256:
a39e71e2b3f3edad73265c9c5be49dea606b39ebec173d070cc407e1f8958745

Scanner detections:
40 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 7:08:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Neshta.A | 6764508 |
| Agnitum Outpost | Win32.Neshta.A | 7.1.1 |
| AhnLab V3 Security | Win32/Neshta | 2015.03.06 |
| Avira AntiVirus | W32/Neshta.A | 7.11.214.42 |
| avast! | Win32:Apanas [Trj] | 150303-0 |
| AVG | Worm/Delf.FF | 2014.0.4257 |
| Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.1536 |
| Bitdefender | Win32.Neshta.A | 1.0.20.325 |
| Bkav FE | W32.NeshtaB.PE | 1.3.0.6379 |
| Clam AntiVirus | W32.Neshuta.A | 0.98/20153 |
| Comodo Security | Win32.Neshta.A | 21311 |
| Dr.Web | Win32.HLLP.Neshta | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Neshta | 9.0.0.4799 |
| ESET NOD32 | Win32/Neshta.A virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Neshta.A | 3/6/2015 |
| F-Prot | W32/HLLP.41472 | 4.6.5.141 |
| F-Secure | Win32.Neshta.A | 5.13.68 |
| G Data | Win32.Neshta | 15.3.25 |
| IKARUS anti.virus | Virus.Win32.Neshta | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.200.15179 |
| Kaspersky | Virus.Win32.Neshta | 15.0.0.543 |
| McAfee | Virus.W32/HLLP.41472.e | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1887.0 |
| MicroWorld eScan | Win32.Neshta.A | 16.0.0.195 |
| NANO AntiVirus | Virus.Win32.Neshta.cdby | 0.30.0.296 |
| Norman | Win32.Neshta.A | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Neshta | 15.03.06.01 |
| Panda Antivirus | W32/Neshta.A | 15.03.06.05 |
| Qihoo 360 Security | Win32/Virus.e30 | 1.0.0.1015 |
| Quick Heal | W32.Neshta.C8 | 3.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.6.5 |
| Rising Antivirus | PE:Win32.Netsha.a!411233 | 23.00.65.15304 |
| Sophos | Virus 'W32/Bloat-A' | 5.11 |
| Total Defense | Win32/Neshta.A | 37.0.11479 |
| Trend Micro House Call | PE_NESHTA.A | 7.2.65 |
| Trend Micro | PE_NESHTA.A | 10.465.06 |
| Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.26.3 |
| VIPRE Antivirus | Threat.4276445 | 38050 |
| ViRobot | Win32.Neshta.B[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Neshta.Win32.1 | 2.0.0.2089 |

File size:
827.7 KB (847,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\installshield installation information\{28006915-2739-4ebe-b5e8-49b25d32eb33}\setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:y+GLHik/Lz/BXuALlNcLdUF3qWojW6Kj84C:y+GLik/fBXTMmQWojW784C

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...

Entropy:
6.6575

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

Program Uninstaller
Program name:
Qualcomm Atheros WiFi Driver Installation

Display publisher:
Qualcomm Atheros

Display version:
3.1

Uninstall string:
"C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409 -removeonly