home

setup_cd18_1.exe

hlj.exe

孙中元

The application setup_cd18_1.exe by 孙中元 has been detected as a potentially unwanted program by 27 anti-malware scanners. The file has been seen being downloaded from 210.6.198.18 and multiple other hosts.
Publisher:
黑龙江网络有限公司  (signed by 孙中元)

Product:
hlj.exe

Description:
the best for you

Version:
1.0.0.366

MD5:
560b05739f2443d3e9ae6612cf1dd552

SHA-1:
a9bd172b3f9b266908c9fe2f93b2d961f605d1b4

SHA-256:
11257c7c5b4b2e2525b9f68ffd7bb8d4b8a2815d5ec45eb03a7e8203dd1f97b7

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
5/20/2024 4:26:31 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.74670
684

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Bundler
2015.03.10

Avira AntiVirus
TR/Agent.3275096
7.11.215.110

AVG
Crypt3
2016.0.3162

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.15323

Bitdefender
Gen:Variant.Strictor.74670
1.0.20.410

Emsisoft Anti-Malware
Gen:Variant.Strictor.74670
8.15.03.23.04

ESET NOD32
Win32/Kryptik.CWID (variant)
9.11292

Fortinet FortiGate
W32/Generic!tr
3/23/2015

F-Secure
Gen:Variant.Strictor.74670
11.2015-23-03_2

G Data
Gen:Variant.Strictor.74670
15.3.25

IKARUS anti.virus
PUA.FileTour
t3scan.1.8.6.0

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.2304

McAfee
Artemis!560B05739F24
5600.6818

MicroWorld eScan
Gen:Variant.Strictor.74670
16.0.0.246

NANO AntiVirus
Trojan.Win32.MLW.dlszkp
0.30.0.296

Norman
Suspicious_Gen5.BAZAW
11.20150323

Panda Antivirus
Trj/CI.A
15.03.23.04

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Quick Heal
Trojan.Generic.ga
3.15.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
15.3.24.1

Rising Antivirus
PE:Trojan.Win32.Generic.17F0A7C7!401647559
23.00.65.15321

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_SPNR.3AB615
7.2.82

Trend Micro
TROJ_SPNR.3AB615
10.465.23

VIPRE Antivirus
Trojan.Win32.Generic
38268

File size:
3.1 MB (3,275,096 bytes)

Product version:
1.0.0.0

Original file name:
hlj.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup_cd18_1.exe

Digital Signature
Signed by:
孙中元

Authority:
Unizeto Technologies S.A.

Valid from:
1/6/2014 8:00:00 AM

Valid to:
1/6/2015 8:00:00 AM

Subject:
CN="Open Source Developer, 孙中元", O=孙中元, C=CN

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
1EFA0F2B42B625FC1E90EF0F3C093B28

File PE Metadata
Compilation timestamp:
1/5/2015 11:35:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:m8YiSSrkFn0Mn8iPcBPTwNHMgDpUHKnBWFv6dV4/ilh8R9u:mbn0Mn885DpUMivK4636u

Entry address:
0x1351EC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, D3, 52, 00, E8, 24, 50, ED, FF, A1, 2C, E5, 53, 00, 8B, 00, E8, 48, 02, F8, FF, A1, 2C, E5, 53, 00, 8B, 00, B2, 01, E8, 52, 1E, F8, FF, 8B, 0D, 7C, E3, 53, 00, A1, 2C, E5, 53, 00, 8B, 00, 8B, 15, 30, 9F, 52, 00, E8, 3A, 02, F8, FF, A1, 2C, E5, 53, 00, 8B, 00, E8, 7E, 03, F8, FF, E8, D1, 0C, ED, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5275

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,260,032 bytes)

The file setup_cd18_1.exe has been seen being distributed by the following 2 URLs.

http://210.6.198.18/.../setup_CD18_1.exe

http://soft.chupiao365.com/setup_CD18_1.exe

Remove setup_cd18_1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.