setupa.exe

White Sea Media

The application setupa.exe by White Sea Media has been detected as adware by 27 anti-malware scanners. It is a setup program used to install the application, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate Bitcoins for cybercriminals' use and consumes computing power. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from pingbackconnect.com and multiple other hosts.
Publisher:
White Sea Media (signed and verified)

MD5:
98339669b55a75901ba6e0022a1743f4

SHA-1:
555dd396175520019d846a6c221fdeb3649672cc

SHA-256:
8bdb0521ce91fad7d351b8598e99445915c164710503b53555f8df33a00ee0b3

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/26/2024 6:51:30 PM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Gen:Variant.Zusy.79593                1100
Agnitum Outpost         Trojan.Zusy                           7.1.1
AhnLab V3 Security      Trojan/Win32.BitCoinMiner             2014.01.30
Avira AntiVirus         TR/Zusy.79593                         7.11.128.0
avast!                  Win32:BitCoinMiner-FE [Trj]           2014.9-140130
AVG                     Win32/DH                              2015.0.3578
Bitdefender             Gen:Variant.Zusy.79593                1.0.20.150
Comodo Security         UnclassifiedMalware                   17697
Dr.Web                  Trojan.DownLoader9.14651              9.0.1.030
Emsisoft Anti-Malware   Gen:Variant.Zusy.79593                8.14.01.30.02
ESET NOD32              Win32/CoinMiner.JO (variant)          8.9355
Fortinet FortiGate      W32/CoinMiner.JO!tr                   1/30/2014
F-Secure                Gen:Variant.Zusy.79593                11.2014-30-01_5
G Data                  Gen:Variant.Zusy.79593                14.1.24
IKARUS anti.virus       Win32.SuspectCrc                      t3scan.2.2.29
K7 AntiVirus            Trojan                                13.175.11003
Kaspersky               HEUR:Trojan-Downloader.Win32.Generic  14.0.0.4387
McAfee                  Artemis!98339669B55A                  5600.7234
MicroWorld eScan        Gen:Variant.Zusy.79593                15.0.0.90
Norman                  Downloader                            11.20140130
Panda Antivirus         Suspicious file                       14.01.30.02
Qihoo 360 Security      Win32/Trojan.2e2                      1.0.0.1015
Reason Heuristics       PUP.Installer.WhiteSeaMedia.G         14.8.7.21
Sophos                  Mal/Generic-S                         4.97
Trend Micro House Call  TROJ_GEN.R0CBB01AR14                  7.2.30
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h  3.12.24.3
VIPRE Antivirus         Trojan.Win32.Generic                  25954

File size:
55.7 KB (57,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setupa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2013 2:00:00 AM

Valid to:
7/9/2014 1:59:59 AM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
1/13/2014 3:01:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:zDJ3lVu3d4IEMdgnyhiN5CufXMR/9eVaHg2PfzEDfAnwsyjAyv8nKged:zV63CSdRizfc/bPfJwiy0nEd

Entry address:
0x1F51

Entry point:
E8, F2, 2D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, FC, 93, 40, 00, FF, 15, 44, 90, 40, 00, 85, C0, 74, 15, 68, EC, 93, 40, 00, 50, FF, 15, 24, 90, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, 48, 90, 40, 00, CC, 6A, 08, E8, B8, 2F, 00, 00, 59, C3, 6A, 08, E8, D6, 2E, 00, 00, 59, C3, 8B, FF, 56, E8, 1C, 29, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 8B, 14, 00, 00, 56, E8, 22, 32, 00, 00, 56, E8, 0D, 32, 00...

Code size:
28.5 KB (29,184 bytes)

The file setupa.exe has been seen being distributed by the following 2 URLs.

http://pingbackconnect.com/setup-s?pubid=847

Remove setupa.exe - Powered by Reason Core Security