setup.exe

USB Disk Security

Lanzhou Itanium Software Technology Co., Ltd.

The application setup.exe, “USB Disk Security Setup” by Lanzhou Itanium Software Technology Co., has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
Zbshareware Lab   (signed by Lanzhou Itanium Software Technology Co., Ltd.)

Product:
USB Disk Security

Description:
USB Disk Security Setup

Version:
6.4.0.136

MD5:
f448016b023e9d354125c4427dedbcb6

SHA-1:
e7459becf8acdd165e80d9b09be0537419eafb1a

SHA-256:
640fbfe082f79187e7ee66ddf7664c089371a310c2a1484ec9a21a664850e0d8

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 3:40:49 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/OpenCandy.A potentially unsafe application | 8.0.319.0
Reason Heuristics | PUP.OpenCandy.Installer (L) | 16.3.16.15
VIPRE Antivirus | Threat.4150696 | 47580

File size:
4.1 MB (4,324,072 bytes)

Product version:
6.4.0.136

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/13/2013 3:00:00 AM

Valid to:
6/13/2016 2:59:59 AM

Subject:
CN="Lanzhou Itanium Software Technology Co., Ltd.", O="Lanzhou Itanium Software Technology Co., Ltd.", STREET="Qilihe gold Jinhai Garden City Unit 5, Building 2, Room 901", L=Lanzhou, S=Gansu Province, PostalCode=--, C=CN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
07A02F5A15C92FAEBE1571FB0FC35EDD

File PE Metadata
Compilation timestamp:
1/30/2013 4:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:DMd3sp5k7tvpk0CYdPj/+oCqr1DBPOT8EjsUGTWpKEE7sbFs4fii+bi54:DMekhp1CmL+rQfO8Ej1Gqwi3ii+bie

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.