setup.exe

baidu

Jiajie Yin

The application setup.exe, “baidu Setup” by Jiajie Yin has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Jiajie Yin (signed and verified)

Product:
baidu

Description:
baidu Setup

MD5:
41c345486f33d3a0545b727f9f0b63cb

SHA-1:
f71ebcf06a2a6b493cc76fee93aa5baf780c5db5

SHA-256:
b55022058292de76bebba9f5d9c2dc161606da5e332ccc72a72dea9771bbc596

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/25/2024 8:43:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2040541 | 444 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/achs.vlo | 7.11.213.54 |
| avast! | Win32:Malware-gen | 2014.9-151118 |
| AVG | Jiajie | 2016.0.2922 |
| Baidu Antivirus | PUA.Win32.HideBaid | 4.0.3.151118 |
| Bitdefender | Trojan.GenericKD.2040541 | 1.0.20.1610 |
| Dr.Web | Trojan.Baidu.36 | 9.0.1.0322 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2040541 | 8.15.11.18.09 |
| ESET NOD32 | Win32/HideBaid.A potentially unwanted | 9.11258 |
| Fortinet FortiGate | Riskware/HideBaid | 11/18/2015 |
| F-Secure | Trojan.GenericKD.2040541 | 11.2015-18-11_4 |
| G Data | Trojan.GenericKD.2040541 | 15.11.25 |
| IKARUS anti.virus | PUA.HideBaid | t3scan.1.8.6.0 |
| McAfee | Artemis!41C345486F33 | 5600.6578 |
| MicroWorld eScan | Trojan.GenericKD.2040541 | 16.0.0.966 |
| NANO AntiVirus | Trojan.Win32.Generic.czzyay | 0.30.0.296 |
| nProtect | Trojan.GenericKD.2040541 | 15.03.02.01 |
| Reason Heuristics | PUP.JiajieYin.Installer (M) | 15.11.18.9 |
| Sophos | Generic PUA HE | 4.98 |
| Trend Micro House Call | ADW_HIDEBAID | 7.2.322 |
| Trend Micro | ADW_HIDEBAID | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38062 |

File size:
565.5 KB (579,048 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\setup.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/14/2014 12:46:39 PM

Valid to:
5/15/2015 12:46:39 PM

Subject:
CN=Jiajie Yin, E=cpa.baidu@gmail.com, L=桂林市, S=广西壮族自治区, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3F13D1662B5F2172EF525E77D131CC4E

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TQiG05wxeWZTFKBGBhCeEqh4eFBkMw/Rl7q3C8pJtt:TQi1uxRTIU+nqhtBjSl7ut

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
