home

setup_cp26_1.exe

LivePlex Corp

The application setup_cp26_1.exe by LivePlex Corp has been detected as a potentially unwanted program by 30 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from click.ali213.net.
Publisher:
LivePlex Corp  (signed and verified)

Version:
1.0.0.221

MD5:
54976f470a449e90b6423c5f60773f6f

SHA-1:
f589b8c25032695f1d0ab0cb6f092f0ada9f7bb0

SHA-256:
b2f6ef46119ab6bf223b5ccc4b4f90f77e5ddd5bfc3ed0e53f5c37f6e661f889

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
7/2/2025 2:27:50 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2099491
134

AegisLab AV Signature
Troj.W32.Badur.nbrw!c
2.1.4+

AhnLab V3 Security
Trojan/Win32.Gen.N1402571985
3.7.5.15

Avira AntiVirus
TR/Agent.3414592
8.3.3.4

Arcabit
Trojan.Generic.D200923
1.0.0.772

avast!
Win32:Evo-gen [Susp]
2014.9-160922

AVG
Win32/DH{TiRX?}
2017.0.2612

Bitdefender
Trojan.GenericKD.2099491
1.0.20.1330

Bkav FE
W32.HfsAdware
1.3.0.8108

Comodo Security
UnclassifiedMalware
25710

Emsisoft Anti-Malware
Trojan.GenericKD.2099491
8.16.09.22.06

ESET NOD32
Win32/Adware.SBYinYing (variant)
10.14073

Fortinet FortiGate
W32/Badur.CWID!tr
9/22/2016

F-Secure
Trojan.GenericKD.2099491
11.2016-22-09_5

G Data
Trojan.GenericKD.2099491
16.9.25

IKARUS anti.virus
Trojan.Click
t3scan.2.1.6.0

K7 AntiVirus
Riskware
13.238.20775

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.-444

McAfee
Artemis!54976F470A44
5600.6268

MicroWorld eScan
Trojan.GenericKD.2099491
17.0.0.798

NANO AntiVirus
Trojan.Win32.Agent.dmsqzm
1.0.38.8984

Panda Antivirus
Trj/CI.A
16.09.22.06

Qihoo 360 Security
Trojan.Generic
1.0.0.1120

Quick Heal
Trojan.Badur.ga
9.16.14.00

Rising Antivirus
Malware.Undefined!8.C-Xnz4zo1MUbE (cloud)
23.00.65.16920

Sophos
Mal/Generic-S
4.98

Vba32 AntiVirus
TrojanClicker.Agent
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
51972

ViRobot
Trojan.Win32.S.Agent.3414592[h]
2014.3.20.0

Zillya! Antivirus
Adware.AgentCRT.Win32.511
2.0.0.3039

File size:
3.3 MB (3,414,592 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup_cp26_1.exe

Digital Signature
Signed by:
LivePlex Corp

Authority:
Thawte, Inc.

Valid from:
4/9/2012 8:00:00 AM

Valid to:
6/9/2014 7:59:59 AM

Subject:
CN=LivePlex Corp, O=LivePlex Corp, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3F5542E2E71D8DB357041C9DD45B950A

File PE Metadata
Compilation timestamp:
1/21/2014 4:59:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:EKXfgeooWiLwZwIbN9OjoQfuA3weV5x979VV:EKXf+oWOwZweN9IoQfuK5xZd

Entry address:
0xEAFB8

Entry point:
55, 8B, EC, 83, C4, F0, B8, E4, 39, 4E, 00, E8, 38, EF, F1, FF, A1, 6C, FD, 4E, 00, 8B, 00, E8, 20, 09, FB, FF, A1, 6C, FD, 4E, 00, 8B, 00, B2, 01, E8, 2A, 25, FB, FF, 8B, 0D, FC, FE, 4E, 00, A1, 6C, FD, 4E, 00, 8B, 00, 8B, 15, D8, 2D, 4E, 00, E8, 12, 09, FB, FF, A1, 6C, FD, 4E, 00, 8B, 00, E8, 56, 0A, FB, FF, E8, 61, AE, F1, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7160

Developed / compiled with:
Microsoft Visual C++

Code size:
934 KB (956,416 bytes)

The file setup_cp26_1.exe has been seen being distributed by the following URL.

http://click.ali213.net/ALiClick-374.html

Remove setup_cp26_1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.