» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Pidgin

The Pidgin developer community

The executable setup.exe has been detected as malware by 33 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from google.com.vn.

File name:

setup.exe

Publisher:

The Pidgin developer community

Product:

Pidgin

Version:

2.10.7

MD5:

62b62a087e65aa4ff0ddcfafe17f63e2

SHA-1:

be8026a0e5e98a7287d5c06bca29b1ad9d11427e

SHA-256:

43bb144ad26f5ce55edc3e94a610258918295da0a0065a9b8d43fd677a35fe10

Scanner detections:

33 / 68

Status:

Malware

Analysis date:

11/17/2024 5:47:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.364398

334

Agnitum Outpost

Trojan.PWS.Fareit

7.1.1

AhnLab V3 Security

Trojan/Win32.Ransomlock

2015.06.04

Avira AntiVirus

TR/Fareit.A.46

8.3.1.6

Arcabit

Trojan.Kazy.D58F6E

1.0.0.425

avast!

Win32:Dropper-gen [Drp]

2014.9-160306

AVG

Zbot

2017.0.2812

Baidu Antivirus

Trojan.Win32.Fareit

4.0.3.1636

Bitdefender

Gen:Variant.Kazy.364398

1.0.20.330

Bkav FE

W32.DownloadNymaimN.Trojan

1.3.0.6379

Comodo Security

UnclassifiedMalware

22328

Dr.Web

Trojan.PWS.Stealer.1932

9.0.1.066

Emsisoft Anti-Malware

Gen:Variant.Kazy.364398

8.16.03.06.08

ESET NOD32

Win32/PSW.Fareit

10.11731

Fortinet FortiGate

W32/Inject.EX!tr

3/6/2016

F-Secure

Gen:Variant.Kazy.364398

11.2016-06-03_1

G Data

Gen:Variant.Kazy.364398

16.3.25

K7 AntiVirus

Riskware

13.204.16131

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.556

Malwarebytes

Spyware.Passwords

v2016.03.06.08

McAfee

Generic.rm

5600.6468

Microsoft Security Essentials

PWS:Win32/Zbot!rfn

1.1.11701.0

MicroWorld eScan

Gen:Variant.Kazy.364398

17.0.0.198

NANO AntiVirus

Trojan.Win32.Fareit.cwmqex

0.30.24.1636

Panda Antivirus

Trj/Genetic.gen

16.03.06.08

Qihoo 360 Security

Win32/Trojan.1ba

1.0.0.1015

Quick Heal

TrojanPWS.Fareit.r5

3.16.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.16A8D0EC!380162284

23.00.65.16304

Sophos

Mal/Inject-EX

4.98

Trend Micro House Call

TSPY_FAREIT.VAPK

7.2.66

Trend Micro

TSPY_FAREIT.VAPK

10.465.06

Vba32 AntiVirus

TrojanPSW.Fareit

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

40816

File size:

97 KB (99,328 bytes)

Product version:

2.10.7

Original file name:

pidgin.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\setup.exe

File PE Metadata

Compilation timestamp:

2/12/2000 3:32:02 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:JqH7ITT3uuEsWzOAVwIaKY8+Ag0PeWqbh410a:Jbv3uuEsWSADFYLAg0PIS

Entry address:

0x1190

Entry point:

55, 89, E5, E8, 07, 00, 00, 00, C9, C3, 00, 00, 45, 58, 45, 89, C3, 2B, 3D, 00, E0, 40, 00, 29, 25, 00, E0, 40, 00, 2B, F0, 01, EA, 68, 84, E0, 40, 00, E8, CD, 12, 00, 00, E8, CE, 12, 00, 00, 33, F0, E8, CD, 12, 00, 00, 33, F0, E8, CC, 12, 00, 00, 33, F0, 68, 8C, E0, 40, 00, E8, C6, 12, 00, 00, 33, F0, 8B, 3D, 94, E0, 40, 00, 29, 2D, 70, E0, 40, 00, 03, 15, 98, E0, 40, 00, 01, 25, 18, E0, 40, 00, 2B, F3, 01, FA, 2B, 35, 3C, E0, 40, 00, 01, C6, 2B, 0D, 00, E0, 40, 00, 29, D0, 03, 15, 00, E0, 40, 00, 29, 25... 
[+]

Entropy:

6.5499

Code size:

40.5 KB (41,472 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://google.com.vn/setup.exe

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.