setup_h211_74.exe

LivePlex Corp

The application setup_h211_74.exe by LivePlex Corp has been detected as a potentially unwanted program by 25 anti-malware scanners.

Publisher:
LivePlex Corp  (signed and verified)

Version:
1.0.0.581

MD5:
6589ccdf06154af17d4d6b5ce853b0dd

SHA-1:
13973c39e73a87843dee33dc150d3c6da3a3f9a3

SHA-256:
61795724e2637af4c138eeda7c95f93d085a9ad6e1b4227df0e40b72e534d240

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:04:53 PM UTC

Scan engine             Detection                         Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.2128418          624
Agnitum Outpost         Trojan.Crypt                      7.1.1
Avira AntiVirus         TR/Rogue.2956864.1                3.6.1.96
avast!                  Win32:Adware-gen [Adw]            2014.9-150521
Bitdefender             Trojan.GenericKD.2128418          1.0.20.705
Bkav FE                 W32.HfsAdware                     1.3.0.6379
Emsisoft Anti-Malware   Trojan.GenericKD.2128418          8.15.05.21.01
ESET NOD32              Win32/Adware.SBYinYing (variant)  9.11390
Fortinet FortiGate      W32/Kryptik.CWID!tr               5/21/2015
F-Secure                Trojan.GenericKD.2128418          11.2015-21-05_5
G Data                  Trojan.GenericKD.2128418          15.5.25
IKARUS anti.virus       PUA.FileTour                      t3scan.1.8.9.0
K7 AntiVirus            Adware                            13.202.15410
Kaspersky               Trojan.Win32.Crypt                14.0.0.2007
McAfee                  Artemis!6589CCDF0615              5600.6758
MicroWorld eScan        Trojan.GenericKD.2128418          16.0.0.423
NANO AntiVirus          Trojan.Win32.Rogue.dnktsg         0.30.8.659
nProtect                Trojan.GenericKD.2128418          15.03.27.01
Qihoo 360 Security      HEUR/QVM05.1.Malware.Gen          1.0.0.1015
Quick Heal              Trojan.Crypt.ga                   5.15.14.00
Sophos                  Mal/Generic-S                     4.98
Trend Micro House Call  TROJ_SPNR.11BF15                  7.2.141
Trend Micro             TROJ_SPNR.11BF15                  10.465.21
Vba32 AntiVirus         Trojan.Crypt                      3.12.26.3
Zillya! Antivirus       Trojan.Crypt.Win32.18505          2.0.0.2119

File size:
2.8 MB (2,956,864 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\roaming\setup_h211_74.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/9/2012 10:00:00 AM

Valid to:
6/9/2014 9:59:59 AM

Subject:
CN=LivePlex Corp, O=LivePlex Corp, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3F5542E2E71D8DB357041C9DD45B950A

File PE Metadata
Compilation timestamp:
1/30/2014 7:20:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:B5W2UCSn5TTtcTxuObGToYBMaYH+eozmcH36NkiTjqygO8R9:B5W2qTtcfmeP/bt6

Entry address:
0x13A1EC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 68, 21, 53, 00, E8, 24, 00, ED, FF, A1, 60, 36, 54, 00, 8B, 00, E8, 70, B6, F7, FF, A1, 60, 36, 54, 00, 8B, 00, B2, 01, E8, 7A, D2, F7, FF, 8B, 0D, AC, 34, 54, 00, A1, 60, 36, 54, 00, 8B, 00, 8B, 15, F8, DF, 52, 00, E8, 62, B6, F7, FF, A1, 60, 36, 54, 00, 8B, 00, E8, A6, B7, F7, FF, E8, D1, BC, EC, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
7.4330

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,280,512 bytes)
