SetupDll.dll

SetupDll

Tan Qilin

The module SetupDll.dll by Tan Qilin has been detected as adware by 9 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Microsoft (signed by Tan Qilin)

Product:
SetupDll

Version:
1.00

MD5:
cff588910879a733e97699201ea3d635

SHA-1:
aa6487b18f775e05c2b7cfcd5f464e81a07b65ab

SHA-256:
2705f562ecc7138e5e7a1b9f7bdf51d92270c9b49c975d48b84d90bae11ff9b1

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/26/2024 1:41:25 AM UTC

Scan engine              Detection                   Engine version
AVG                      Generic                     2015.0.3353
ESET NOD32               Win32/RSoftware (variant)   8.10190
IKARUS anti.virus        PUA.RSoftware               t3scan.1.6.1.0
K7 AntiVirus             Trojan                      13.182.12926
McAfee                   Artemis!CFF588910879        5600.7009
Reason Heuristics        PUP.Installer.TanQilin.F    14.9.12.12
Sophos                   Generic PUA KK              4.98
Trend Micro House Call   Suspicious_GEN.F47V0725     7.2.255
VIPRE Antivirus          Trojan.Win32.Generic        31824

File size:
131.5 KB (134,696 bytes)

Product version:
1.00

Original file name:
SetupDll.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setupdll.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/28/2014 8:07:02 AM

Valid to:
5/28/2015 8:07:02 AM

Subject:
CN=Tan Qilin, E=1367024804@qq.com, L=资阳市, S=四川省, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07069DFE674402DA3B481D6E2AD40FDE

File PE Metadata
Compilation timestamp:
6/18/2014 10:46:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:HqLaZr/03IrjOBFpCbH1oz6DyJKdOJceCbiaE:HowQZFps1ZdOGiJ

Entry address:
0x1BD8

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
100 KB (102,400 bytes)
