setup_168.exe

T-Installer

The application setup_168.exe, published by T-Installer, has been detected as adware by 31 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is typically executed from the user's temporary directory. The file has been observed being downloaded from dl12.centerinstall.net.

Publisher: T-Installer (signed and verified)
MD5: e195fdd6c212fa6975571039e8c3b2f2
SHA-1: b4c313914648ed1ca62e160a1b23a5e5b98ac36c
SHA-256: 484a04e29191c788dc3df80184c5828ca0edcaeeb8210df343278f4042f8cd9b
Scanner detections: 31 / 68
Status: Adware
Analysis date: 4/27/2024 4:44:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11226885 | 857 |
| Agnitum Outpost | Trojan.DL.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Agent.319032 | 7.11.149.178 |
| avast! | Win32:Agent-ATJH [Trj] | 2014.9-140930 |
| AVG | Downloader.Agent2 | 2015.0.3335 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.14930 |
| Bitdefender | Trojan.Generic.11226885 | 1.0.20.1365 |
| Comodo Security | UnclassifiedMalware | 18274 |
| Emsisoft Anti-Malware | Trojan.Generic.11226885 | 8.14.09.30.04 |
| ESET NOD32 | Win32/TrojanDownloader.Agent.AHE | 8.9801 |
| Fortinet FortiGate | W32/Genome.ALF!tr.dldr | 9/30/2014 |
| F-Secure | Trojan.Generic.11226885 | 11.2014-30-09_3 |
| G Data | Trojan.Generic.11226885 | 14.9.24 |
| IKARUS anti.virus | Trojan-Downloader.Agent | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan-Downloader | 13.177.12080 |
| Kaspersky | Trojan-Downloader.Win32.Genome | 14.0.0.3172 |
| Malwarebytes | Trojan.Agent.SCT | v2014.09.30.04 |
| McAfee | RDN/Downloader.a!qf | 5600.6991 |
| MicroWorld eScan | Trojan.Generic.11226885 | 15.0.0.819 |
| NANO AntiVirus | Trojan.Win32.Genome.cwqokq | 0.28.0.59826 |
| Norman | Agent.BBWUX | 11.20140930 |
| nProtect | Trojan.Generic.11226885 | 14.05.14.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.30.04 |
| Qihoo 360 Security | Win32/Trojan.Downloader.bd6 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.TInstaller.J | 14.4.21.9 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0FE514 | 7.2.273 |
| Trend Micro | TROJ_GEN.R0CBC0FE514 | 10.465.30 |
| Vba32 AntiVirus | TrojanDownloader.Genome | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29222 |
| Zillya! Antivirus | Downloader.Genome.Win32.50421 | 2.0.0.1789 |

File size: 311.6 KB (319,048 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\setup_168.exe

Digital Signature

Signed by:
Authority: T-Install
Valid from: 4/6/2014 8:54:48 AM
Valid to: 12/31/2039 6:59:59 PM
Subject: CN=T-Installer
Issuer: CN=T-Install
Serial number: C3D1C7E5F2296FB24DF7C0856706CBCA

File PE Metadata

Compilation timestamp: 4/20/2014 7:01:02 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 6144:3k/MbGOxj1U10c7IzmnkSDQHSW+w+mmMYjrZMO:3yMbNjEc0kSUyW+w+RTHZMO
Entry address: 0x1BDEC
Entry point: E8, 9C, 80, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 9C, 25, 44, 00, 75, 02, F3, C3, E9, 47, 82, 00, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, FC, 77, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, DC, 60, 43, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F...
Entropy: 5.9527
Code size: 211 KB (216,064 bytes)

The file setup_168.exe has been seen being distributed by the following URL.
