nksetup25v32.exe

Xi'an Xinli Software Technology Co.,Ltd.

The executable nksetup25v32.exe has been detected as malware by 9 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:

MD5:
50dd252fa6332492766b526b2409f6da

SHA-1:
90477bbce4549b73be171d76e9154ba921d2515b

SHA-256:
fd9a0a23052f2824e4675427d5843f29ae33171fa5c229597f124db69d78dfab

Scanner detections:
9 / 68

Status:
Malware

Explanation:
nksetup25v32.exe is infected by a worm that may download, install and run additional malware and may also spread to other executable files.

Analysis date:
4/1/2025 7:38:00 PM UTC

Scan engine | Detection | Engine version
AVG | Dropper.Generic7 | 2018.0.2438
Dr.Web | Exploit.DCom.710 | 9.0.1.074
IKARUS anti.virus | Virus.Win32.Alman | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.210.17208
McAfee | Artemis!50DD252FA633 | 5600.6094
NANO AntiVirus | Trojan.Win32.Ramnit.cvsphv | 0.30.24.3283
Rising Antivirus | PE:Trojan.Win32.Generic.12B81B47!314055495[F1] | 23.00.65.17313
Vba32 AntiVirus | Trojan.Genome.ah | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 43750

File size:
4.9 MB (5,092,016 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\nksetup25v32.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/19/2014 8:00:00 AM

Valid to:
4/18/2016 7:59:59 AM

Subject:
CN="Xi'an Xinli Software Technology Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Xi'an Xinli Software Technology Co.,Ltd.", L=Xi'an, S=Shaanxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1310BB2084D76C532CA711E10C3CF06B

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30DE

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 27, 7A, 00, E8, F1, 2B, 00, 00, A3, A4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 68, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, A0, 1E, 7A, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9984

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
