setup.exe

WindowsApplication1

The executable setup.exe has been detected as malware by 23 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from d6.usercdn.com.
Product:
WindowsApplication1

Version:
1.0.0.0

MD5:
8cae21e2759493c909935090e4903bc1

SHA-1:
974cea94b9e2546a50854c3c9abd13dc5c3e7548

SHA-256:
aced0149cefa37293f1dc2ee3d8d530391c168772e0c552616c3ddbb1140511d

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/26/2024 8:15:30 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2444427 | 608
Avira AntiVirus | BDS/Agent.6685184 | 8.3.1.6
avast! | Win32:Malware-gen | 2014.9-150606
AVG | Atros | 2016.0.3086
Baidu Antivirus | Trojan.MSIL.Disfa | 4.0.3.1566
Bitdefender | Trojan.GenericKD.2444427 | 1.0.20.785
Emsisoft Anti-Malware | Trojan.GenericKD.2444427 | 8.15.06.06.04
ESET NOD32 | MSIL/Kryptik.CCX (variant) | 9.11699
Fortinet FortiGate | W32/Disfa.CCX!tr | 6/6/2015
F-Secure | Trojan.GenericKD.2444427 | 11.2015-06-06_7
G Data | Trojan.GenericKD.2444427 | 15.6.25
IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.1.9.2.0
K7 AntiVirus | Trojan | 13.204.16056
Kaspersky | Trojan.MSIL.Disfa | 14.0.0.1926
McAfee | Artemis!8CAE21E27594 | 5600.6742
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.1.11701.0
MicroWorld eScan | Trojan.GenericKD.2444427 | 16.0.0.471
Norman | Suspicious_Gen4.IMFWO | 11.20150606
nProtect | Trojan.GenericKD.2444427 | 15.05.28.01
Panda Antivirus | Trj/CI.A | 15.06.06.04
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Trend Micro House Call | TROJ_GEN.R047H01ER15 | 7.2.157
VIPRE Antivirus | Trojan.Win32.Generic | 40626

File size:
6.4 MB (6,685,184 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\weather watcher live 7.2.47 + patch\setup.exe

File PE Metadata
Compilation timestamp:
5/26/2015 2:43:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:FFu6ovl013ioz6FOHa6jmN/jebirpJDK+usHk2XsAnwV0EVQcH2ZZejc6TeEm6sT:pg8HAZSiFXusHk/+WV/H2ZZye6sT

Entry address:
0x65FF0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9815

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.4 MB (6,676,480 bytes)

The file setup.exe has been seen being distributed by the following URL.

https://d6.usercdn.com/d/.../setup.exe

Remove setup.exe - Powered by Reason Core Security