setup.exe

Nanning weiwu Technology co.,ltd.

The application setup.exe by Nanning weiwu Technology co.,ltd has been detected as adware by 28 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.downrapid.com and multiple other hosts.
Publisher:
Nanning weiwu Technology co.,ltd.  (signed and verified)

MD5:
f6a5198ea79fa3217638a4c26a52ec83

SHA-1:
733432dae0dc0eee4062a699786191d114d19702

SHA-256:
9ef67d82b92b4d18809ad7076b47226b3fde1d3039a1847b148dc82d3d2d69b7

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
12/27/2024 4:06:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.BV
838

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.179.120

AVG
Generic
2015.0.3316

Bitdefender
Application.Bundler.BV
1.0.20.1460

Comodo Security
Application.Win32.VOPackage.AGEE
19846

Dr.Web
Trojan.DownLoader11.24441
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.BV
14.10.19

ESET NOD32
Win32/SquareNet.C potentially unwanted application
7.0.302.0

F-Prot
W32/A-f5b31e60
v6.4.7.1.166

F-Secure
Application.Bundler.BV
11.2014-19-10_1

G Data
Application.Bundler.BV
14.10.24

IKARUS anti.virus
PUA.SquareNet
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.184.13727

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.SquareNet
v2014.10.19.06

Microsoft Security Essentials
Threat.Undefined
1.185.3625.0

MicroWorld eScan
Application.Bundler.BV
15.0.0.876

NANO AntiVirus
Trojan.Win32.DownLoader11.ddwmsg
0.28.2.62671

nProtect
Trojan-Clicker/W32.Agent.300920
14.10.19.01

Panda Antivirus
Trj/Genetic.gen
14.10.19.06

Reason Heuristics
PUP.Installer.NanningweiwuTechnologycoltd.F
14.10.19.18

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
PUP.SquareNet
10289

Total Defense
Win32/Tnega.YYZPCZB
37.0.11236

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
33706

Zillya! Antivirus
Backdoor.PePatch.Win32.39632
2.0.0.1959

File size:
293.9 KB (300,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/22/2014 1:00:00 AM

Valid to:
7/23/2015 12:59:59 AM

Subject:
CN="Nanning weiwu Technology co.,ltd.", O="Nanning weiwu Technology co.,ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00EE7D6082BD217E6FBABE223E889CE1

File PE Metadata
Compilation timestamp:
8/12/2014 9:19:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:IJfkJRqZJmR7/suqDDfEoRk4ZVL15xUo3PKpQX:IZkKg7/suqPEoRk4zJ5xU+FX

Entry address:
0x208BB

Entry point:
E8, 28, A1, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 15, 30, 51, 43, 00, 85, C0, 75, 08, FF, 15, AC, 50, 43, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, 96, 19, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 20, E8, 4E, 19, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 2F, F1, FF, FF, 83, C4, 14, 83, C8, FF, E9, 66, 01, 00, 00, 57, E8, E7, 90, 00, 00, 39, 5F, 04, 59, 89, 45, FC, 7D, 03, 89, 5F, 04, 6A...
 
[+]

Entropy:
6.5001

Code size:
208 KB (212,992 bytes)

The file setup.exe has been seen being distributed by the following 3 URLs.

Remove setup.exe - Powered by Reason Core Security