home

setup.exe

Nanning weiwu Technology co.,ltd.

The application setup.exe by Nanning weiwu Technology co.,ltd has been detected as adware by 30 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.downrapid.com and multiple other hosts.
Publisher:
Nanning weiwu Technology co.,ltd.  (signed and verified)

MD5:
6833902f66795df4f78c88f9bb99ab88

SHA-1:
d736a2040206a468e445584ce26859d0d8ac694f

SHA-256:
024ae6a327f8a969a9a714b77034928e5c03bd4ecd6d4c082b08cffa76d6afe9

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
5/8/2024 5:40:59 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.BV
812

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.171.22

avast!
Win32:Malware-gen
2014.9-141114

AVG
Generic
2015.0.3290

Bitdefender
Application.Bundler.BV
1.0.20.1590

Comodo Security
Application.Win32.VOPackage.AGEE
19215

Dr.Web
Trojan.DownLoader11.24441
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.BV
14.11.14

ESET NOD32
Win32/SquareNet.C potentially unwanted application
7.0.302.0

F-Prot
W32/A-f5b31e60
v6.4.7.1.166

F-Secure
Application.Bundler.BV
11.2014-14-11_6

G Data
Application.Bundler.BV
14.11.24

IKARUS anti.virus
PUA.SquareNet
t3scan.1.7.5.0

K7 AntiVirus
Trojan
13.183.13286

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.Bundler
v2014.11.14.04

McAfee
Trojan.Artemis!8AD99BE16418
5600.6946

Microsoft Security Essentials
Threat.Undefined
1.179.3144.0

MicroWorld eScan
Application.Bundler.BV
15.0.0.954

NANO AntiVirus
Trojan.Win32.DownLoader11.ddwmsg
0.28.2.61942

nProtect
Trojan-Clicker/W32.Agent.300920
14.09.05.01

Panda Antivirus
Trj/Genetic.gen
14.11.14.04

Reason Heuristics
PUP.Installer.NanningweiwuTechnologycoltd.F
14.11.14.16

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
PUP.SquareNet
10238

Total Defense
Win32/Tnega.YYZPCZB
37.0.11279

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Backdoor.PePatch.Win32.39632
2.0.0.1913

File size:
293.9 KB (300,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Nanning weiwu Technology co.,ltd.

Authority:
VeriSign, Inc.

Valid from:
7/22/2014 1:00:00 AM

Valid to:
7/23/2015 12:59:59 AM

Subject:
CN="Nanning weiwu Technology co.,ltd.", O="Nanning weiwu Technology co.,ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00EE7D6082BD217E6FBABE223E889CE1

File PE Metadata
Compilation timestamp:
8/12/2014 9:19:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:IJfkJRqZJmR7/suqDDfEoRk4ZVL15xUo3PKpQv:IZkKg7/suqPEoRk4zJ5xU+Fv

Entry address:
0x208BB

Entry point:
E8, 28, A1, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 15, 30, 51, 43, 00, 85, C0, 75, 08, FF, 15, AC, 50, 43, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, 96, 19, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 20, E8, 4E, 19, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 2F, F1, FF, FF, 83, C4, 14, 83, C8, FF, E9, 66, 01, 00, 00, 57, E8, E7, 90, 00, 00, 39, 5F, 04, 59, 89, 45, FC, 7D, 03, 89, 5F, 04, 6A...
 
[+]

Entropy:
6.5002

Code size:
208 KB (212,992 bytes)

The file setup.exe has been seen being distributed by the following 6 URLs.

http://www.downrapid.com/node/.../loader.exe

http://www.downswift.com/entry/.../index.html?offer_id=100037&aff_id=11156&transaction_id=c42cef3d-7e15-4189-bea9-e4ed682add0f

http://www.yupdownload.com/trace?offer_id=100037&aff_id=11156

http://get.download2desktop.com/.../Get?p=7302&d=1775&l=1694&n=0&d1=13409&clickid=833208371

http://cld2r.com/?a=13409&c=61974&s1=APP-UK&ckmguid=b5975b6d-cda0-4d62-8866-e18588f4b63b

http://cldrload.com/?a=13409&c=61974&s1=APP-UK

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.