setup.exe

The executable setup.exe has been detected as malware by 8 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that joins a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.9211tv.com.
Description:
Setup

Version:
14.0.23107.0 built by: D14REL

MD5:
94c3a17a0f27788db1321871fe47920b

SHA-1:
82363e19dbc40e026773d6bac4354d88e575dde2

SHA-256:
0178c2c8208e5492912e28fb0581a24afef17a25896c54c753ddb0c42de4acad

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 7:43:07 AM UTC

Scan engine             Detection                  Engine version

avast!                  Win32:Kukacka              160327-1
Dr.Web                  Win32.Sector.30            9.0.1.05190
Emsisoft Anti-Malware   Win32.Sality               11.5.0.6191
ESET NOD32              Win32/Sality.NBA virus     8.0.319.0
Kaspersky               Virus.Win32.Sality         15.0.0.562
McAfee                  Virus.W32/Sality.gen.z     18.0.204.0
Microsoft Security Essentials   Threat.Undefined   1.217.477.0
Norman                  Win32.Sality.3             29.03.2016 06:29:16

File size:
570.4 KB (584,056 bytes)

Product version:
14.0.23107.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
7/7/2015 11:26:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:IDPdsil5fCMggBsiMVO26kk+FGOeMb01JQntLOCVYU4Gh+no8WjAk:ID1s2tc96kT9emVUG0oVt

Entry address:
0x330C2

Entry point:
60, F6, C4, EE, 4E, 50, 0F, A5, FD, F2, FF, C0, 0F, AD, D7, 81, D7, 0A, C2, 5E, 88, BF, 90, 39, 6B, 8A, 0F, A3, ED, 2B, C9, 32, DD, 69, EF, 80, 42, C4, AC, FE, CC, 89, CE, 57, 52, 0F, A5, DE, F6, D8, C0, D1, 67, 0F, C1, DD, 49, 13, D3, F6, D3, E8, 0F, 00, 00, 00, F3, 21, CB, F3, 0F, A5, F5, 69, D9, CC, BA, 22, BC, 3B, F3, 85, F2, 0F, C0, D2, D0, ED, 21, D6, 8D, 2D, 28, C5, 72, A1, 0A, CD, 0F, C8, 8A, E7, F7, D1, 33, F1, 30, DC, 0F, AD, C8, 08, F4, F7, C6, 96, 02, FD, 82, 0F, C8, B4, BA, 57, 58, 50, 59, 0F...

Entropy:
6.5712

Code size:
356 KB (364,544 bytes)

The file setup.exe has been seen being distributed by the following URL.
