home

sethome-2.exe

The application sethome-2.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dysy.storial.ru and multiple other hosts.
Version:
1.0.0.0

MD5:
489783fbd8ad498f2c8a46f270025950

SHA-1:
f1e7b36c6ba933872a5a425d611adfe95f99742c

SHA-256:
54a47d5450da97fb1cb55c0d5c0e0357ce1d8f81968c142bba8559ef8e310f52

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:44:45 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Adwareare.Wysarjegi.Gen!c
2.1.4+

Avira AntiVirus
ADWARE/Wysarjegi.4141056
8.3.3.2

AVG
Generic7
2017.0.2803

Comodo Security
ApplicUnwnt
24549

Dr.Web
Adware.StartPage.23
9.0.1.076

ESET NOD32
Win32/Adware.Wysarjegi.G application
8.0.319.0

K7 AntiVirus
Adware
13.214.18998

Qihoo 360 Security
QVM05.1.Malware.Gen
1.0.0.1120

Reason Heuristics
Adware.SetHome
16.11.21.18

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16314

File size:
3.9 MB (4,141,056 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sethome-2.exe

File PE Metadata
Compilation timestamp:
3/6/2016 5:55:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:M34xgYu6132SmDQD7EMk5lx4fdjxRw6di9aD5BPY/DU:oaw6cH55lx4fbe6deMw

Entry address:
0x28F034

Entry point:
55, 8B, EC, B9, 14, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 9C, 2B, 68, 00, E8, 58, FE, D7, FF, 33, C0, 55, 68, 2E, F6, 68, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 89, F0, 68, 00, 64, FF, 30, 64, 89, 20, B8, B1, 67, 00, 00, E8, 1E, 7E, D7, FF, E8, 79, 7B, E6, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 90, F0, 68, 00, C3, E9, 3E, A2, D7, FF, EB, F8, 33, C0, 55, 68, D4, F0, 68, 00, 64, FF, 30, 64, 89, 20, B8, 6F, 94, 00, 00, E8, EC, 7D, D7, FF, 40, 0F, B7, 04, 45, F2, 8B, 69, 00, E8, DE, 7D...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
2.6 MB (2,677,760 bytes)

The file sethome-2.exe has been seen being distributed by the following 2 URLs.

http://dysy.storial.ru/installs/.../e8ecf3c9.exe

http://gils.clothere.ru/installs/.../8y4nh8cj.exe

Remove sethome-2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.