setup_ver1.1471.0.exe

The application setup_ver1.1471.0.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
MD5:
8e949c1ad072bf75e399a0f42b984561

SHA-1:
ed9693474a33124b9b3618ce0b6a8ef9a6053b98

SHA-256:
7dbc2ce027d9ff7461b1b0a6d25d3e518b39494f235a647b259ba5066983ed72

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
4/28/2024 8:57:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Trojan/Zlob.65536.M | 5.0. |
| Avira AntiVirus | TR/Dldr.Zlob.idc | 7.9.1.35 |
| Emsisoft A-Squared | Trojan.Zlob!IK | 4.5.0.41 |
| avast! | Win32:Agent-AEYM | 2014.9-170315 |
| AVG | Downloader.Zlob | 2018.0.2439 |
| Bitdefender | Trojan.Downloader.Zlob.ACAR | 1.0.20.370 |
| Clam AntiVirus | Trojan.Zlob.REN | 0.98/171 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Zlob.CDT | 2609 |
| Dr.Web | Trojan.Popuper.7355 | 9.0.1.074 |
| ESET NOD32 | Win32/TrojanDownloader.Zlob.CDT | 11.4511 |
| Fortinet FortiGate | W32/ZlobJunk.A!tr.dldr | 3/15/2017 |
| F-Prot | W32/Downldr2.DGKK | v6.4.5.1.85 |
| F-Secure | Trojan-Downloader.Win32.Zlob.sfv | 11.2017-15-03_4 |
| G Data | Trojan.Downloader.Zlob.ACAR | 17.3.19 |
| IKARUS anti.virus | Trojan.Zlob | t3scan.1.1.72.0 |
| K7 AntiVirus | Trojan-Downloader.Win32.Zlob.sfv | 13.7.10.871 |
| Kaspersky | Trojan-Downloader.Win32.Zlob | 14.0.0.-1311 |
| McAfee | Puper | 5600.6095 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Zlob.gen!CD | 1.163.1557.0 |
| Norman | W32/DLoader.IPAC | 11.20170315 |
| nProtect | Trojan-Downloader/W32.Zlob.65536.BL | 2009.1.8.0 |
| Panda Antivirus | Generic Trojan | 17.03.15.05 |
| Prevx | Medium Risk Malware Dropper | 3.0 |
| Quick Heal | Win32.TrojanDownloader.Zlob.gen!GX.4 | 3.17.10.00 |
| Rising Antivirus | Trojan.DL.Win32.Mnless.cjf | 23.00.65.17313 |
| Sophos | Troj/Zlobyp-Gen | 4.46 |
| Trend Micro | TROJ_ZLOB.CPD | 10.465.15 |
| Vba32 AntiVirus | Win32.TrojanDownloader.Zlob.CDT | 3.12.10.11 |
| ViRobot | Adware.Zlob.Do.65536.AF | 2009.10.15.1986 |

File size:
64 KB (65,536 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup_ver1.1471.0.exe

File PE Metadata
Compilation timestamp:
7/16/2008 8:42:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x30E0

Entry point:
55, 8B, EC, 83, E4, F8, 6A, FF, 68, 50, 96, 40, 00, 64, A1, 00, 00, 00, 00, 50, 83, EC, 1C, 53, 55, 56, 57, A1, 48, E0, 40, 00, 33, C4, 50, 8D, 44, 24, 30, 64, A3, 00, 00, 00, 00, 8B, 35, 04, A0, 40, 00, 33, C0, 68, 04, 01, 00, 00, 6A, 08, 89, 44, 24, 20, 89, 44, 24, 24, FF, D6, 8B, 1D, 00, A0, 40, 00, 50, FF, D3, 68, 04, 01, 00, 00, 8B, F8, 6A, 08, 89, 7C, 24, 28, FF, D6, 50, FF, D3, 8B, E8, 8D, 44, 24, 18, 50, 8D, 4C, 24, 20, 51, E8, EE, F5, FF, FF, 8D, 44, 24, 28, E8, 55, F4, FF, FF, E8, C0, EE, FF, FF...
Entropy:
5.8882

Developed / compiled with:
Microsoft Visual C++

Code size:
36 KB (36,864 bytes)
