» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

The executable setup.exe has been detected as malware by 34 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from google.com.vn.

File name:

setup.exe

MD5:

b9f0e15879ab6ac596de11582995af3d

SHA-1:

1553efb0cf268a1a1fae6af2e1818b52949d68e3

SHA-256:

b97db9df3e8dfe7d97f8d67bfbbeebbe85c9bf4857e6ad0a1841d3702575ca3b

Scanner detections:

34 / 68

Status:

Malware

Analysis date:

11/17/2024 5:57:50 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKDZ.25020

334

Agnitum Outpost

Trojan.Injector

7.1.1

AhnLab V3 Security

Trojan/Win32.Ransomlock

2015.12.19

Avira AntiVirus

TR/Injector.akrz

8.3.2.4

Arcabit

Trojan.Generic.D61BC

1.0.0.629

avast!

Win32:Injector-BRO [Trj]

2014.9-160306

AVG

Zbot

2017.0.2812

Baidu Antivirus

Trojan.Win32.Fareit

4.0.3.1636

Bitdefender

Trojan.GenericKDZ.25020

1.0.20.330

Bkav FE

W32.NapolarBuzusA.Trojan

1.3.0.7383

Comodo Security

TrojWare.Win32.Spy.Zbot.SAQ

23796

Dr.Web

BackDoor.Tishop.2

9.0.1.066

Emsisoft Anti-Malware

Trojan.GenericKDZ.25020

8.16.03.06.08

ESET NOD32

Win32/PSW.Fareit

10.12747

Fortinet FortiGate

W32/Kryptik.WIF!tr

3/6/2016

F-Secure

Trojan.GenericKDZ.25020

11.2016-06-03_1

G Data

Trojan.GenericKDZ.25020

16.3.25

IKARUS anti.virus

Virus.Win32.CeeInject

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.212.18157

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.556

Malwarebytes

Spyware.Zbot.ED

v2016.03.06.08

McAfee

Generic-FAUT!B9F0E15879AB

5600.6468

Microsoft Security Essentials

Trojan:Win32/Bagsu!rfn

1.1.12400.0

MicroWorld eScan

Trojan.GenericKDZ.25020

17.0.0.198

NANO AntiVirus

Trojan.Win32.Fareit.cwwycs

1.0.10.5081

nProtect

Trojan.GenericKDZ.25020

15.12.18.01

Panda Antivirus

Generic Malware

16.03.06.08

Quick Heal

Trojan.Agent.r4

3.16.14.00

Sophos

Mal/Zbot-QT

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Cryptor

9281

Trend Micro House Call

TROJ_SPNR.0BDM14

7.2.66

Trend Micro

TROJ_SPNR.0BDM14

10.465.06

Vba32 AntiVirus

BScope.Malware-Cryptor.Hlux

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

45930

File size:

102.4 KB (104,808 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp:

4/6/2014 11:34:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:hpVf9Yy2EZzrFwmzK4G59PJ/4Ic3gqHMDk/bdyEAzW9gOjU1rAKzQbesT9Kn:hVGmm9z0s4/bdy7vUWAjbeC9c

Entry address:

0x33C0

Entry point:

55, 8B, EC, 6A, FF, 68, C8, 49, 40, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, A5, B8, FD, FF, FF, BB, 12, 00, 00, 00, 57, E8, 7C, DC, FF, FF, 90, 90, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Entropy:

7.3046

Developed / compiled with:

Microsoft Visual C++

Code size:

12 KB (12,288 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://google.com.vn/setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.