setup.exe

wno

b

The executable setup.exe has been detected as malware by 27 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. This trojan will perform a number of actions that compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware.
Publisher:
b

Product:
wno

Description:
utalxm

Version:
4.21.0012

MD5:
3a5c594439124c68e4b75e62d150718b

SHA-1:
3c2b4de063eb415f94f1960b5e76e194cb7a88a0

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/1/2025 8:02:05 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.VBKrypt | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Seint.93696.M | 2013.08.12 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.96.108 |
| avast! | Win32:Malware-gen | 2014.9-170315 |
| AVG | SHeur3 | 2018.0.2438 |
| Bitdefender | Trojan.Generic.6395402 | 1.0.20.370 |
| Comodo Security | UnclassifiedMalware | 16749 |
| Dr.Web | Trojan.MulDrop2.30691 | 9.0.1.074 |
| Emsisoft Anti-Malware | Trojan.Generic.6395402 | 8.17.03.15.12 |
| ESET NOD32 | Win32/Injector.HDE (variant) | 11.8677 |
| Fortinet FortiGate | W32/VBKrypt.CZLQ!tr | 3/15/2017 |
| F-Secure | Trojan.Generic.6395402 | 11.2017-15-03_4 |
| G Data | Trojan.Generic.6395402 | 17.3.22 |
| IKARUS anti.virus | Trojan.Win32.Jorik | t3scan.2.0.127 |
| K7 AntiVirus | Riskware | 13.170.9241 |
| Kaspersky | Trojan.Win32.VBKrypt | 14.0.0.-1313 |
| McAfee | PWS-Zbot.gen.jk | 5600.6094 |
| Microsoft Security Essentials | Trojan:Win32/Malagent | 1.163.1557.0 |
| NANO AntiVirus | Trojan.Win32.VBKrypt.dhvee | 0.26.0.53954 |
| Norman | Suspicious_Gen2.NATNS | 11.20170315 |
| nProtect | Trojan/W32.Agent.93696.JS | 13.08.11.02 |
| Panda Antivirus | Generic Trojan | 17.03.15.12 |
| Quick Heal | Trojan.VBKrypt.dhmj | 3.17.12.00 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falleg[Cont] | 8534 |
| Trend Micro House Call | TROJ_SPNR.07FL11 | 7.2.74 |
| Trend Micro | TROJ_SPNR.07FL11 | 10.465.15 |
| VIPRE Antivirus | Virtool.Win32.Vbinject.Gen.2 | 20410 |

File size:
91.5 KB (93,696 bytes)

Product version:
4.21.0012

Copyright:
gehlv oujlhsqio

Trademarks:
ayxc srttnzkw

Original file name:
tln.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\lupn\setup.exe

File PE Metadata
Compilation timestamp:
6/7/2011 3:15:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xCB7F0

Entry point:
60, BE, 00, 60, 4B, 00, 8D, BE, 00, B0, F4, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 3C, 95, 0C, 00, 57, 83, C3, 04, 53, 68, E6, 57, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
Entropy:
7.9509  (probably packed)

Code size:
92 KB (94,208 bytes)
