home

setup.exe

Nanning weiwu Technology co.,ltd.

The application setup.exe by Nanning weiwu Technology co.,ltd has been detected as adware by 29 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.downrapid.com and multiple other hosts.
Publisher:
Nanning weiwu Technology co.,ltd.  (signed and verified)

MD5:
18945f46b20dd4f2550f733d4c7d7970

SHA-1:
119116bedede670e4fc28b95dab6aca2c76358d3

SHA-256:
f21cb4726ce2478c632fa1fd8ab12ee67d3f3815624c69b24a8f4bc22a381966

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
11/23/2024 2:33:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.BV
839

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.179.140

avast!
Win32:Malware-gen
2014.9-141019

AVG
Generic
2015.0.3317

Bitdefender
Application.Bundler.BV
1.0.20.1460

Comodo Security
Application.Win32.VOPackage.AGEE
19225

Dr.Web
Trojan.DownLoader11.24441
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.BV
14.10.19

ESET NOD32
Win32/SquareNet.C potentially unwanted application
7.0.302.0

F-Prot
W32/A-f5b31e60
v6.4.7.1.166

F-Secure
Application.Bundler.BV
11.2014-19-10_1

G Data
Application.Bundler.BV
14.10.24

IKARUS anti.virus
PUA.SquareNet
t3scan.1.7.5.0

K7 AntiVirus
Trojan
13.184.13727

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.Bundler
v2014.10.19.10

Microsoft Security Essentials
Threat.Undefined
1.179.3249.0

MicroWorld eScan
Application.Bundler.BV
15.0.0.876

NANO AntiVirus
Trojan.Win32.DownLoader11.ddwmsg
0.28.2.62671

nProtect
Trojan-Clicker/W32.Agent.300920
14.10.19.01

Panda Antivirus
Trj/Genetic.gen
14.10.19.10

Reason Heuristics
PUP.Installer.NanningweiwuTechnologycoltd.F
14.10.19.10

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
PUP.SquareNet
10290

Total Defense
Win32/Tnega.YYZPCZB
37.0.11236

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Backdoor.PePatch.Win32.39632
2.0.0.1959

File size:
293.9 KB (300,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Nanning weiwu Technology co.,ltd.

Authority:
VeriSign, Inc.

Valid from:
7/22/2014 1:00:00 AM

Valid to:
7/23/2015 12:59:59 AM

Subject:
CN="Nanning weiwu Technology co.,ltd.", O="Nanning weiwu Technology co.,ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00EE7D6082BD217E6FBABE223E889CE1

File PE Metadata
Compilation timestamp:
8/12/2014 9:19:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:IJfkJRqZJmR7/suqDDfEoRk4ZVL15xUo3PKpQL:IZkKg7/suqPEoRk4zJ5xU+FL

Entry address:
0x208BB

Entry point:
E8, 28, A1, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 15, 30, 51, 43, 00, 85, C0, 75, 08, FF, 15, AC, 50, 43, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, 96, 19, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 20, E8, 4E, 19, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 2F, F1, FF, FF, 83, C4, 14, 83, C8, FF, E9, 66, 01, 00, 00, 57, E8, E7, 90, 00, 00, 39, 5F, 04, 59, 89, 45, FC, 7D, 03, 89, 5F, 04, 6A...
 
[+]

Entropy:
6.5001

Code size:
208 KB (212,992 bytes)

The file setup.exe has been seen being distributed by the following 7 URLs.

http://www.downrapid.com/node/.../loader.exe

http://www.downswift.com/entry/.../index.html?offer_id=100037&aff_id=11156&transaction_id=4026051e-69b3-4ea1-b6dc-d1bdee3c5157

http://www.yupdownload.com/trace?offer_id=100037&aff_id=11156

http://dlp.downloadyourplayer.com/p/151/Setup/476/.../9rIxePbS

http://ttb.downloadyourplayer.com/download/request/.../C3sLkMV9?ce_cid=&pub_id=176681&ce_cid=20qEdh3xontADfwN2MrlSG1vCDCB000.

http://network.adsmarket.com/.../iWhvm2acqZiLY2uWX8p6w4iQap5knn-XimKYnmWjfpW3YmmYYKF7w49ncZ1nnA?dp=DU976nUa_kI8A-Y7aKqnfI7V5p9kmmHyhp-5t8OiA5qYyE4_nmXd2GmkGpHg43vQ3FRG1QLcRRQKYq5UKWeeQbp2pTFvD-OXJJ3ASVecRRdaCpzytIIq8UqYy1bBcPh1kUuiWemX8kdcWNA8NE3qWp-xn9iV--S_DyhaA9DBm2nB01sPTTbZqZpA7N38dsevTgaX289qX-SDOxb9WZ0yURypylzXgAFGE0BrxQ_T56VrZQopyWsB3sKXUgOmw_5HA-8L_XSnALbrQF9TS3IYkq4zTJIytMQJJzxfOZOHgn4dOetuDAp3zQz5VePxTIciyOa8BLSGgrhxq0_1es4gYD5uTppJiN-2AEVAgOMZ2H_v3bNV8TIryAVfJVJlRkKOJlCliHAhJgRdenvI

http://s.m2pub.com/event/click/0/DU976nUa_kI8A-Y7aKqnfI7V5p9kmmHyhp-5t8OiA5qYyE4_nmXd2GmkGpHg43vQ3FRG1QLcRRQKYq5UKWeeQbp2pTFvD-OXJJ3ASVecRRdaCpzytIIq8UqYy1bBcPh1kUuiWemX8kdcWNA8NE3qWp-xn9iV--S_DyhaA9DBm2nB01sPTTbZqZpA7N38dsevTgaX289qX-SDOxb9WZ0yURypylzXgAFGE0BrxQ_T56VrZQopyWsB3sKXUgOmw_5HA-8L_XSnALbrQF9TS3IYkq4zTJIytMQJJzxfOZOHgn4dOetuDAp3zQz5VePxTIciyOa8BLSGgrhxq0_1es4gYD5uTppJiN-2AEVAgOMZ2H_v3bNV8TIryAVfJVJlRkKOJlCliHAhJgRdenvI/.../

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.