ppstreamsetup.exe

Shanghai Zhongyuan Networks limited

The executable ppstreamsetup.exe, “PPStream 安装”, has been detected as malware by 7 anti-virus scanners. The program is a setup application that uses the Inno Setup installer. According to AVG, this software downloads additional adware offers during setup.

Publisher:
PPStream.com (signed by Shanghai Zhongyuan Networks limited)

Description:
PPStream 安装

MD5:
05e18513a2b525a40c27b829cacaf4c7

SHA-1:
afd56df3ed55bb1b8125d4e152b2b3a87a889a2a

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/24/2024 1:39:24 PM UTC

Scan engine        Detection                   Engine version
Agnitum Outpost    Trojan.Agent                7.1.1
Avira AntiVirus    SPR/tcpip.sys.Patch         7.11.214.38
AVG                Downloader.Agent            2017.0.2575
Comodo Security    UnclassifiedMalware         21311
McAfee             Artemis!05E18513A2B5        5600.6231
Norman             Suspicious_Gen.ICKK         11.20161029
VIPRE Antivirus    Trojan.Win32.Agent.abzlz    38168

File size:
1.8 MB (1,872,464 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/10/2006 3:00:00 AM

Valid to:
7/11/2007 2:59:59 AM

Subject:
CN=Shanghai Zhongyuan Networks limited, OU=Develop Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Zhongyuan Networks limited, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54EC64D4199CFD37C16B59DD548B64F3

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:D2iQPqw+Qn5PEmLhWmWShIhFN+BIGqnm9pxk9dHcNa:qiQPqS5PEWWQIhXmLxkH8Na

Entry address:
0x991C

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AA, 97, FF, FF, E8, B1, A9, FF, FF, E8, DC, CB, FF, FF, E8, 63, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, C6, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 7C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D4, CD, 40, 00, E8, 5B, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, CD, 40, 00, B2, 01, B8...
 
Entropy:
7.9939

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)
