settingsmanagersetup.exe

The executable settingsmanagersetup.exe has been detected as malware by 38 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and send it to a remote command and cotrol server. The file has been seen being downloaded from media.opencandy.com.
MD5:
3796b67ac167a60f3f3e7bf6d73d669b

SHA-1:
2ad21c916dfc1d63039d64c5ccb327931de77527

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/25/2024 1:24:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Neshta.A
665

Agnitum Outpost
Win32.Neshta.A
7.1.1

AhnLab V3 Security
Win32/Neshta
2014.12.20

Avira AntiVirus
W32/Neshta.A
7.11.196.218

avast!
Win32:Apanas [Trj]
2014.9-150410

AVG
Worm/Delf
2016.0.3143

Baidu Antivirus
Virus.Win32.Neshta.$a
4.0.3.15410

Bitdefender
Win32.Neshta.A
1.0.20.500

Bkav FE
W32.NeshtaB.PE
1.3.0.6267

Clam AntiVirus
W32.Neshuta.A
0.98/21511

Comodo Security
Win32.Neshta.A
20417

Dr.Web
Win32.HLLP.Neshta
9.0.1.0100

Emsisoft Anti-Malware
Win32.Neshta
8.15.04.10.07

Fortinet FortiGate
W32/Neshta.A
4/10/2015

F-Prot
W32/HLLP.41472
v6.4.7.1.166

F-Secure
Win32.Neshta.A
11.2015-10-04_6

G Data
Win32.Neshta
15.4.24

IKARUS anti.virus
Virus.Win32.Neshta
t3scan.1.8.5.0

K7 AntiVirus
Virus
13.188.14395

Kaspersky
Virus.Win32.Neshta
14.0.0.2211

McAfee
W32/HLLP.41472.e
5600.6799

Microsoft Security Essentials
1.11302

MicroWorld eScan
Win32.Neshta.A
16.0.0.300

NANO AntiVirus
Trojan.Win32.Neshta.cwfstr
0.28.6.64267

Norman
Neshta.C
11.20150410

Panda Antivirus
Generic Malware
15.04.10.07

Qihoo 360 Security
Virus.Win32.Neshta.B
1.0.0.1015

Quick Heal
W32.Neshta.C8
4.15.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.10.15

Rising Antivirus
PE:Win32.Netsha.a!411233
23.00.65.15408

Sophos
W32/Bloat-A
4.98

Total Defense
Win32/Neshta.A
37.0.11339

Trend Micro House Call
PE_NESHTA.A
7.2.100

Trend Micro
PE_NESHTA.A
10.465.10

Vba32 AntiVirus
Virus.Win32.Neshta.a
3.12.26.3

VIPRE Antivirus
Virus.Win32.Neshta.a
35898

ViRobot
Win32.Neshta.B[h]
2014.3.20.0

Zillya! Antivirus
Virus.Neshta.Win32.1
2.0.0.2009

File size:
8.3 MB (8,700,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\rheng\0cc96115a81744fd84048e107012ec9b\settingsmanagersetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:x9HQn3u5R3kYGTvZCW14DF9IIGmy8xe1NDUG:fwYJkRwWKF9Gf8mNAG

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...
 
[+]

Entropy:
7.9989

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

The file settingsmanagersetup.exe has been seen being distributed by the following URL.

Remove settingsmanagersetup.exe - Powered by Reason Core Security