shsetup.dll

TCP/IP Ping Command

While the file properties claim the file is developed by 'Microsoft Corporation', this is not the case: the publisher string is spoofed so that the file looks like a legitimate Microsoft system file. The library shsetup.dll, described as “TCP/IP Ping Command”, has been detected as malware by 10 of 68 anti-virus scanners.
Publisher:
Microsoft Corporation* (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
TCP/IP Ping Command

Version:
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)

MD5:
96f3c76695eb8d92ae985c475e326f23

SHA-1:
bf8077eecda97e5d85791308bd26f061c8a3cab5

SHA-256:
9e6f81ca1c3449c7e8466fad15b8c950e91338197283641b407e99b9a2ce2717

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/26/2024 6:27:19 AM UTC

Scan engine                     Detection                     Engine version
AVG                             BackDoor.Generic18            2016.0.3055
ESET NOD32                      Win64/Kryptik.VT (variant)    9.11854
Fortinet FortiGate              W32/Kryptik.I!tr              7/7/2015
K7 AntiVirus                    Trojan                        13.205.16384
Malwarebytes                    Trojan.Bedep.64               v2015.07.07.05
McAfee                          Generic.xb                    5600.6711
Microsoft Security Essentials   Backdoor:Win64/Bedep.A        1.1.11804.0
Panda Antivirus                 Trj/Chgt.O                    15.07.07.05
Sophos                          Mal/Vawtrak-I                 4.98
VIPRE Antivirus                 Backdoor.Win64.Bedep          41512

File size:
212.9 KB (218,016 bytes)

Product version:
5.2.3790.1830

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ping.exe

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\{9a88e103-a20a-4ea5-8636-c73b709a5bf8}\shsetup.dll

File PE Metadata
Compilation timestamp:
3/7/2006 7:13:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:ZSJ987IUqCuI6yez7jgbuP/QEqBsPOobyNe:u89c7rP/QEqBsPOW4e

Entry address:
0x2909

Entry point:
3B, 52, 24, F9, E9, B8, A5, 0E, E1, 83, 61, F7, BD, 70, F6, B0, B5, 4C, 7C, 8F, 80, D4, 00, C9, A3, 33, 29, 62, 52, 0D, 45, CF, B0, C7, F2, FE, 87, 88, 49, 37, F3, 7E, 50, DA, 2A, B7, 0D, 1A, DB, 81, 61, 7C, 3E, E3, C2, F3, 30, 8C, 40, 3F, 9F, 74, 1C, FB, A1, 33, 26, 9C, DD, C3, E9, 73, BE, 97, F0, F1, 30, 67, 95, 3F, 8F, 74, 14, FB, A1, 33, EF, AE, DD, D1, 63, F7, B2, C7, C1, 23, 78, 01, 84, 90, 5B, 52, 24, F9, 49, C5, D5, D5, 26, BA, E5, D3, 3A, C4, F2, F1, 45, 92, 40, 3F, 8F, 74, 64, FB, A1, 33, 61, A1...

Entropy:
7.5570

Code size:
27 KB (27,648 bytes)

Remove shsetup.dll - Powered by Reason Core Security