Setup.exe

WebPlugin

Zhejiang Dahua Technology CO.,LTD.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from 192.168.3.108 and multiple other hosts.
Publisher:
Zhejiang Dahua Technology CO.,LTD.  (signed and verified)

Product:
WebPlugin

Version:
3.1.0.224119

MD5:
968c7d6323ba49cb790e0d048f7580aa

SHA-1:
3e9c6b7be293f975ca30e5922901bd9cc557ce09

SHA-256:
2a4ac1e0df04b5f816b55d6fe88740ba94d0c2f03c509df61f817bb185877a95

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/3/2025 10:19:51 PM UTC  (today)

File size:
845.1 KB (865,360 bytes)

Product version:
3.1.0.224119

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/11/2014 2:30:17 PM

Valid to:
7/11/2016 2:30:17 PM

Subject:
CN="Zhejiang Dahua Technology CO.,LTD.", OU=研发中心-产品管理部, O="Zhejiang Dahua Technology CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112107ACBC49CA621D829A3C109E380158F5

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:l6OgF5KMr32WAcOiDaxe8lyqDdaXKGENEP38JMkc:c3Dd3TAcOiDaxe8J5QgNEfqE

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9496

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following 25 URLs.

