setup.exe

The executable setup.exe has been detected as malware by 34 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from google.com.vn.
MD5:
b9f0e15879ab6ac596de11582995af3d

SHA-1:
1553efb0cf268a1a1fae6af2e1818b52949d68e3

SHA-256:
b97db9df3e8dfe7d97f8d67bfbbeebbe85c9bf4857e6ad0a1841d3702575ca3b

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
12/26/2024 2:13:31 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKDZ.25020
334

Agnitum Outpost
Trojan.Injector
7.1.1

AhnLab V3 Security
Trojan/Win32.Ransomlock
2015.12.19

Avira AntiVirus
TR/Injector.akrz
8.3.2.4

Arcabit
Trojan.Generic.D61BC
1.0.0.629

avast!
Win32:Injector-BRO [Trj]
2014.9-160306

AVG
Zbot
2017.0.2812

Baidu Antivirus
Trojan.Win32.Fareit
4.0.3.1636

Bitdefender
Trojan.GenericKDZ.25020
1.0.20.330

Bkav FE
W32.NapolarBuzusA.Trojan
1.3.0.7383

Comodo Security
TrojWare.Win32.Spy.Zbot.SAQ
23796

Dr.Web
BackDoor.Tishop.2
9.0.1.066

Emsisoft Anti-Malware
Trojan.GenericKDZ.25020
8.16.03.06.08

ESET NOD32
Win32/PSW.Fareit
10.12747

Fortinet FortiGate
W32/Kryptik.WIF!tr
3/6/2016

F-Secure
Trojan.GenericKDZ.25020
11.2016-06-03_1

G Data
Trojan.GenericKDZ.25020
16.3.25

IKARUS anti.virus
Virus.Win32.CeeInject
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.18157

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.556

Malwarebytes
Spyware.Zbot.ED
v2016.03.06.08

McAfee
Generic-FAUT!B9F0E15879AB
5600.6468

Microsoft Security Essentials
Trojan:Win32/Bagsu!rfn
1.1.12400.0

MicroWorld eScan
Trojan.GenericKDZ.25020
17.0.0.198

NANO AntiVirus
Trojan.Win32.Fareit.cwwycs
1.0.10.5081

nProtect
Trojan.GenericKDZ.25020
15.12.18.01

Panda Antivirus
Generic Malware
16.03.06.08

Quick Heal
Trojan.Agent.r4
3.16.14.00

Sophos
Mal/Zbot-QT
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Cryptor
9281

Trend Micro House Call
TROJ_SPNR.0BDM14
7.2.66

Trend Micro
TROJ_SPNR.0BDM14
10.465.06

Vba32 AntiVirus
BScope.Malware-Cryptor.Hlux
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45930

File size:
102.4 KB (104,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
4/6/2014 11:34:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:hpVf9Yy2EZzrFwmzK4G59PJ/4Ic3gqHMDk/bdyEAzW9gOjU1rAKzQbesT9Kn:hVGmm9z0s4/bdy7vUWAjbeC9c

Entry address:
0x33C0

Entry point:
55, 8B, EC, 6A, FF, 68, C8, 49, 40, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, A5, B8, FD, FF, FF, BB, 12, 00, 00, 00, 57, E8, 7C, DC, FF, FF, 90, 90, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Entropy:
7.3046

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file setup.exe has been seen being distributed by the following URL.
