home

settingsmanagersetup.exe

The executable settingsmanagersetup.exe has been detected as malware by 38 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and send it to a remote command and cotrol server. The file has been seen being downloaded from media.opencandy.com.
MD5:
3796b67ac167a60f3f3e7bf6d73d669b

SHA-1:
2ad21c916dfc1d63039d64c5ccb327931de77527

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 10:04:41 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Neshta.A
665

Agnitum Outpost
Win32.Neshta.A
7.1.1

AhnLab V3 Security
Win32/Neshta
2014.12.20

Avira AntiVirus
W32/Neshta.A
7.11.196.218

avast!
Win32:Apanas [Trj]
2014.9-150410

AVG
Worm/Delf
2016.0.3143

Baidu Antivirus
Virus.Win32.Neshta.$a
4.0.3.15410

Bitdefender
Win32.Neshta.A
1.0.20.500

Bkav FE
W32.NeshtaB.PE
1.3.0.6267

Clam AntiVirus
W32.Neshuta.A
0.98/21511

Comodo Security
Win32.Neshta.A
20417

Dr.Web
Win32.HLLP.Neshta
9.0.1.0100

Emsisoft Anti-Malware
Win32.Neshta
8.15.04.10.07

Fortinet FortiGate
W32/Neshta.A
4/10/2015

F-Prot
W32/HLLP.41472
v6.4.7.1.166

F-Secure
Win32.Neshta.A
11.2015-10-04_6

G Data
Win32.Neshta
15.4.24

IKARUS anti.virus
Virus.Win32.Neshta
t3scan.1.8.5.0

K7 AntiVirus
Virus
13.188.14395

Kaspersky
Virus.Win32.Neshta
14.0.0.2211

McAfee
W32/HLLP.41472.e
5600.6799

Microsoft Security Essentials
Virus:Win32/Neshta.A
1.11302

MicroWorld eScan
Win32.Neshta.A
16.0.0.300

NANO AntiVirus
Trojan.Win32.Neshta.cwfstr
0.28.6.64267

Norman
Neshta.C
11.20150410

Panda Antivirus
Generic Malware
15.04.10.07

Qihoo 360 Security
Virus.Win32.Neshta.B
1.0.0.1015

Quick Heal
W32.Neshta.C8
4.15.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.10.15

Rising Antivirus
PE:Win32.Netsha.a!411233
23.00.65.15408

Sophos
W32/Bloat-A
4.98

Total Defense
Win32/Neshta.A
37.0.11339

Trend Micro House Call
PE_NESHTA.A
7.2.100

Trend Micro
PE_NESHTA.A
10.465.10

Vba32 AntiVirus
Virus.Win32.Neshta.a
3.12.26.3

VIPRE Antivirus
Virus.Win32.Neshta.a
35898

ViRobot
Win32.Neshta.B[h]
2014.3.20.0

Zillya! Antivirus
Virus.Neshta.Win32.1
2.0.0.2009

File size:
8.3 MB (8,700,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\rheng\0cc96115a81744fd84048e107012ec9b\settingsmanagersetup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:x9HQn3u5R3kYGTvZCW14DF9IIGmy8xe1NDUG:fwYJkRwWKF9Gf8mNAG

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...
 
[+]

Entropy:
7.9989

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

The file settingsmanagersetup.exe has been seen being distributed by the following URL.

http://media.opencandy.com/p/1102/.../SettingsManagerSetup.exe

Remove settingsmanagersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.