setupxv.exe

7-Zip

C-NetMedia

The application setupxv.exe by C-NetMedia has been detected as adware by 24 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Igor Pavlov  (signed by C-NetMedia)

Product:
7-Zip

Description:
7z Setup SFX

Version:
4.42

MD5:
7f87595b4fcc7df7b0011f6ec5bbfb84

SHA-1:
d05e5f6a43036d8b86128ef99cc7ec184b63610b

SHA-256:
6a108bdf3c0bceebfd2ca18a54a66a932e9996e36edf7903f352286702404e2c

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/26/2024 12:05:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.2499895 | 824 |
| AhnLab V3 Security | Dropper/Win32.Rogue | 2014.11.03 |
| Avira AntiVirus | TR/Fraud.Gen | 7.11.30.172 |
| avast! | Win32:Remover-B [PUP] | 2014.9-141102 |
| Bitdefender | Trojan.Generic.2499895 | 1.0.20.1530 |
| Emsisoft Anti-Malware | Trojan.Generic.2499895 | 14.11.02 |
| ESET NOD32 | multiple threats | 7.0.302.0 |
| Fortinet FortiGate | Riskware/AntiSpyware | 11/2/2014 |
| F-Prot | W32/A-cb685c30 | v6.4.7.1.166 |
| F-Secure | Rogue:W32/WinFixer.AM | 11.2014-02-11_1 |
| G Data | Trojan.Generic.2499895 | 14.11.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.3.0 |
| Malwarebytes | Rogue.Installer | v2014.11.02.01 |
| McAfee | ErrorKiller | 5600.6958 |
| MicroWorld eScan | Trojan.Generic.2499895 | 15.0.0.918 |
| NANO AntiVirus | Trojan.Win32.SpyClean.cwbtwq | 0.28.6.62995 |
| Norman | FakeAV.Z!genr | 11.20141102 |
| nProtect | Trojan.Generic.2499895 | 14.10.31.01 |
| Reason Heuristics | PUP.Installer.CNetMedia.H | 14.11.21.23 |
| Sophos | Mal/FakeAV-AQ | 4.98 |
| Trend Micro House Call | Mal_FakeAV-20 | 7.2.306 |
| Trend Micro | Mal_FakeAV-20 | 10.465.02 |
| Vba32 AntiVirus | Signed-FraudTool.Win32.SpywareBot.i | 3.12.26.3 |
| VIPRE Antivirus | Threat.394387 | 34232 |

File size:
2.4 MB (2,525,568 bytes)

Product version:
4.42

Copyright:
Copyright (c) 1999-2006 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\setupxv.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2006 6:00:00 PM

Valid to:
11/15/2007 5:59:59 PM

Subject:
CN=C-NetMedia, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=C-NetMedia, L=Mobile, S=Alabama, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38F51432ABAD3AA35011F824E0C565EC

File PE Metadata
Compilation timestamp:
5/13/2006 11:25:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:v7nLpRrnkw9Bo3Li5ADDaVHgtb5dXv0rWqvirMH:vzTkw9Afnt7sYq

Entry address:
0x3B3A0

Entry point:
60, BE, 00, E0, 42, 00, 8D, BE, 00, 30, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.9962

Packer / compiler:
UPX 2.90LZMA

Code size:
56 KB (57,344 bytes)
