dictionary_setup.exe

Freelang

Freelang.net

The executable dictionary_setup.exe, “Freelang Dictionary Setup”, has been detected as malware by 6 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.freelang.net.

Publisher:
Freelang.net

Product:
Freelang

Description:
Freelang Dictionary Setup

MD5:
12e27e70d67dc21ea57d38a6499c1981

SHA-1:
b6a8c8983247481ead7c8c306b7cfaa9bc437ddf

SHA-256:
366544c5254b4a7306cc050293b57552967cc9ecba307a0177ccd5aed8a72fe4

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/27/2024 4:31:55 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Win32/Sality | 2015.0.4591 |
| Emsisoft Anti-Malware | Win32.Sality | 16.07.20 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1693.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |

File size:
2.5 MB (2,598,360 bytes)

Product version:
4.2.0.3

Copyright:
2014, Freelang.net

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dictionary_setup.exe

File PE Metadata
Compilation timestamp:
10/13/2013 1:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:T3dLzcVXc5NyN5q/NtSJlMgNhecz1QbYFFG0eMaR3y:tAcLyf4N88g6cSYLG0JW3y

Entry address:
0x113BC

Entry point:
60, 8D, 15, DE, F9, 13, 41, 88, C0, 78, 02, 11, D3, 77, 05, 8A, F4, 0F, BE, EB, 2D, BC, CB, 73, E8, 84, E9, F2, 56, 50, 69, DD, C1, 2E, 9A, 40, F7, C0, 4B, 0E, EF, B8, E8, 57, 00, 00, 00, BB, E4, 73, CD, 0B, 05, 3A, 11, DB, 8F, C6, C1, B9, 81, FE, EC, 31, 27, F7, 8A, C6, FE, CC, 89, C5, 8D, 2D, 28, FC, 87, 8B, 89, C6, 80, E5, 4C, 8D, 1D, E4, EB, 08, 00, C6, C5, A9, C6, C1, 7F, 81, EB, 94, 36, 08, 00, 81, FF, B0, 47, 00, 00, 70, 03, 0F, BE, F0, 03, D3, 81, FB, A7, 52, 00, 00, 76, 06, F7, C5, 6F, 79, F5, 45...

Entropy:
7.9792  (probably packed)

Code size:
63.5 KB (65,024 bytes)

The file dictionary_setup.exe has been seen being distributed by the following URL.
