setup.exe

The executable setup.exe has been detected as malware by 28 anti-virus scanners. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. It runs as a Windows service named “DLANX” in its own separate process.
MD5:
dc41ad1e044aadd641be3cc5cdbacece

SHA-1:
6449d050f9c551b4ae418c05432ce44ba633c06a

SHA-256:
dcf81b60ef8a852e784ce7b85b75b21b2130baa13ddd2319ff3d26f134624589

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/29/2024 5:54:07 AM UTC

Scan engine                    Detection                       Engine version
AhnLab V3 Security             Dropper/Downloader.40960.Q      2010.09.25
Avira AntiVirus                W32/Almanahe.B                  7.10.12.30
avast!                         Win32:Small-MIJ                 2014.9-170311
AVG                            Win32/Alman                     2018.0.2443
Bitdefender                    Win32.Almanahe.B                1.0.20.350
Comodo Security                Virus.Win32.Almanahe._0         6198
Dr.Web                         Win32.Alman                     9.0.1.070
Emsisoft Anti-Malware          Virus.Win32.Alman!IK            8.17.03.11.05
ESET NOD32                     Win32/Alman.NAE (variant)       11.5479
F-Prot                         W32/Heuristic-210               v6.4.6.2.117
F-Secure                       Win32.Almanahe.B                11.2017-11-03_7
G Data                         Win32.Almanahe                  17.3.21
IKARUS anti.virus              Virus.Win32.Alman               t3scan.1.1.88.0
K7 AntiVirus                   Riskware                        13.63.2608
Kaspersky                      Trojan-Dropper.Win32.Small      14.0.0.-1291
McAfee                         W32/Almanahe                    5600.6099
Microsoft Security Essentials  Trojan:Win32/Almanahe.E.dll     1.163.1557.0
Norman                         W32/Rootkit.AHH.dropper         11.20170311
nProtect                       Win32.Almanahe.B                10.09.25.01
Panda Antivirus                Generic Malware                 17.03.11.05
Prevx                          Medium Risk Malware             3.0
Quick Heal                     Win32.Trojan-Dropper.Small.axz  3.17.11.00
Rising Antivirus               Worm.Magistr.h                  23.00.65.17309
Sophos                         W32/Alman-F                     4.58
Trend Micro House Call         TROJ_CORELINK.D                 7.2.70
Trend Micro                    TROJ_CORELINK.D                 10.465.11
Vba32 AntiVirus                Trojan-Dropper.Win32.Small.axz  3.12.14.1
ViRobot                        Trojan.Win32.Small.40960.O      2010.9.25.4060

File size:
40 KB (40,960 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/14/2007 10:37:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x1A00

Entry point:
EB, 0F, 5B, B9, 50, 00, 00, 00, 4B, 80, 34, 0B, 84, E2, FA, EB, 05, E8, EC, FF, FF, FF, 6C, 98, 84, 84, 84, 3F, AC, 94, 84, 84, 87, 5C, 3D, 84, 8C, 84, 84, CF, 3E, 24, 93, 84, 84, 87, 54, D6, 04, B0, 8F, 3A, 66, 7E, 47, D7, 6C, 84, 84, 84, 84, DC, A9, A3, 94, C4, 84, 3F, A3, 94, C4, 84, 87, 5C, CF, E2, B7, 5F, E2, 05, BF, C9, DE, F1, 71, 0F, 77, 87, F7, B8, 05, BA, D4, C1, 84, 84, F1, 6C, 0F, 47, DF, 47, 9A, 68, 81, 04, 60, 00, 00, 00, 00, 08, 16, 40, FE, FD, 2F, 40, E0, 2E, 80, 16, 40, 00, 00, 8D, 80, 47...
 

Entropy:
7.8229  (probably packed)

Code size:
2.5 KB (2,560 bytes)

Service
Display name:
DLANX

Type:
Win32OwnProcess

