setup_168.exe

T-Installer

The application setup_168.exe by T-Installer has been detected as adware by 29 anti-malware scanners. It is typically executed from the user's temporary directory.

Publisher: T-Installer (signed and verified)
MD5: 8fbd9a9c28a5250742e6d0c2e26f06cd
SHA-1: 94f063fbb0e1a6c14bc1754b39c3b18cf0693beb
SHA-256: dd7e2732fb8e6a0dfa7cace6dae6ab50c1782052fe8ddc4ae77ad9f1bdf7776a
Scanner detections: 29 / 68
Status: Adware
Analysis date: 4/24/2024 10:25:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11307823 | 817 |
| Agnitum Outpost | Trojan.DL.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Agent.326728 | 7.11.151.114 |
| avast! | Win32:Agent-ATPU [Trj] | 2014.9-141109 |
| AVG | T-Installer | 2015.0.3295 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.14119 |
| Bitdefender | Trojan.Generic.11307823 | 1.0.20.1565 |
| Emsisoft Anti-Malware | Trojan.Generic.11307823 | 8.14.11.09.05 |
| ESET NOD32 | Win32/TrojanDownloader.Agent.AOO (variant) | 8.9849 |
| Fortinet FortiGate | W32/Genome.ALF!tr.dldr | 11/9/2014 |
| F-Secure | Trojan.Generic.11307823 | 11.2014-09-11_1 |
| G Data | Trojan.Generic.11307823 | 14.11.24 |
| IKARUS anti.virus | Trojan-Downloader.Agent | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan-Downloader | 13.178.12184 |
| Kaspersky | Trojan.Win32.Badur | 14.0.0.2971 |
| Malwarebytes | Trojan.Agent.SCT | v2014.11.30.12 |
| McAfee | Artemis!8FBD9A9C28A5 | 5600.6951 |
| MicroWorld eScan | Trojan.Generic.11307823 | 15.0.0.939 |
| NANO AntiVirus | Trojan.Win32.Badur.cyxoox | 0.28.0.59921 |
| Norman | Agent.BBWUX | 11.20141109 |
| nProtect | Trojan.Generic.11307823 | 14.05.25.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.11.09.05 |
| Qihoo 360 Security | Win32/Trojan.Downloader.739 | 1.0.0.1015 |
| Quick Heal | Trojan.Badur.r5 | 11.14.14.00 |
| Reason Heuristics | PUP.Installer.TInstaller.J | 14.11.9.17 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBB01EL14 | 7.2.313 |
| Trend Micro | TROJ_GEN.R0CBC0UEL14 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29622 |

File size: 319.1 KB (326,728 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\setup_168.exe

Digital Signature
Signed by:
Authority: T-Install
Valid from: 4/6/2014 3:54:48 PM
Valid to: 1/1/2040 1:59:59 AM
Subject: CN=T-Installer
Issuer: CN=T-Install
Serial number: C3D1C7E5F2296FB24DF7C0856706CBCA

File PE Metadata
Compilation timestamp: 5/18/2014 6:08:40 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 6144:60GhPvppfbBhBGDFl1w7B5xIEsBfGpbWQbCzH:61vppflc1w7BrIEsBfGpbRbCzH
Entry address: 0x2169E

Entry point:
E8, 99, 91, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, FC, 28, 44, 00, 75, 02, F3, C3, E9, 44, 93, 00, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, FC, 28, 44, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, FC, 28, 44, 00, 33, C5, 50, 89...
 

Entropy: 5.8661
Code size: 210.5 KB (215,552 bytes)
