setup.exe

Pidgin

The Pidgin developer community

The executable setup.exe has been detected as malware by 33 of 68 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that steals confidential information (online credentials and banking details) from a compromised computer and sends it to online criminals through a command-and-control server. Several engines in the table below classify the same sample as Fareit, another password-stealing family, so treat the family name as approximate and the behaviour (credential theft with exfiltration to a C2 server) as the reliable part. The file has been seen being downloaded from google.com.vn. The publisher, product and version fields below are read from the file's own version resource, which carries Pidgin's name and version string; they do not show that the file was built by the Pidgin project. The PE metadata is also internally inconsistent: the compilation timestamp (February 2000) predates the linker version (10.0, the Visual Studio 2010 linker), so the timestamp has been altered.
Publisher:
The Pidgin developer community

Product:
Pidgin

Version:
2.10.7

MD5:
62b62a087e65aa4ff0ddcfafe17f63e2

SHA-1:
be8026a0e5e98a7287d5c06bca29b1ad9d11427e

SHA-256:
43bb144ad26f5ce55edc3e94a610258918295da0a0065a9b8d43fd677a35fe10

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
12/26/2024 2:34:30 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.364398 | 334
Agnitum Outpost | Trojan.PWS.Fareit | 7.1.1
AhnLab V3 Security | Trojan/Win32.Ransomlock | 2015.06.04
Avira AntiVirus | TR/Fareit.A.46 | 8.3.1.6
Arcabit | Trojan.Kazy.D58F6E | 1.0.0.425
avast! | Win32:Dropper-gen [Drp] | 2014.9-160306
AVG | Zbot | 2017.0.2812
Baidu Antivirus | Trojan.Win32.Fareit | 4.0.3.1636
Bitdefender | Gen:Variant.Kazy.364398 | 1.0.20.330
Bkav FE | W32.DownloadNymaimN.Trojan | 1.3.0.6379
Comodo Security | UnclassifiedMalware | 22328
Dr.Web | Trojan.PWS.Stealer.1932 | 9.0.1.066
Emsisoft Anti-Malware | Gen:Variant.Kazy.364398 | 8.16.03.06.08
ESET NOD32 | Win32/PSW.Fareit | 10.11731
Fortinet FortiGate | W32/Inject.EX!tr | 3/6/2016
F-Secure | Gen:Variant.Kazy.364398 | 11.2016-06-03_1
G Data | Gen:Variant.Kazy.364398 | 16.3.25
K7 AntiVirus | Riskware | 13.204.16131
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.556
Malwarebytes | Spyware.Passwords | v2016.03.06.08
McAfee | Generic.rm | 5600.6468
Microsoft Security Essentials | PWS:Win32/Zbot!rfn | 1.1.11701.0
MicroWorld eScan | Gen:Variant.Kazy.364398 | 17.0.0.198
NANO AntiVirus | Trojan.Win32.Fareit.cwmqex | 0.30.24.1636
Panda Antivirus | Trj/Genetic.gen | 16.03.06.08
Qihoo 360 Security | Win32/Trojan.1ba | 1.0.0.1015
Quick Heal | TrojanPWS.Fareit.r5 | 3.16.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.16A8D0EC!380162284 | 23.00.65.16304
Sophos | Mal/Inject-EX | 4.98
Trend Micro House Call | TSPY_FAREIT.VAPK | 7.2.66
Trend Micro | TSPY_FAREIT.VAPK | 10.465.06
Vba32 AntiVirus | TrojanPSW.Fareit | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 40816

File size:
97 KB (99,328 bytes)

Product version:
2.10.7

Copyright:
Copyright (C) 1998-2010 The Pidgin developer community (See the COPYRIGHT file in the source distribution).

Original file name:
pidgin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
2/12/2000 3:32:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:JqH7ITT3uuEsWzOAVwIaKY8+Ag0PeWqbh410a:Jbv3uuEsWSADFYLAg0PIS

Entry address:
0x1190

Entry point:
55, 89, E5, E8, 07, 00, 00, 00, C9, C3, 00, 00, 45, 58, 45, 89, C3, 2B, 3D, 00, E0, 40, 00, 29, 25, 00, E0, 40, 00, 2B, F0, 01, EA, 68, 84, E0, 40, 00, E8, CD, 12, 00, 00, E8, CE, 12, 00, 00, 33, F0, E8, CD, 12, 00, 00, 33, F0, E8, CC, 12, 00, 00, 33, F0, 68, 8C, E0, 40, 00, E8, C6, 12, 00, 00, 33, F0, 8B, 3D, 94, E0, 40, 00, 29, 2D, 70, E0, 40, 00, 03, 15, 98, E0, 40, 00, 01, 25, 18, E0, 40, 00, 2B, F3, 01, FA, 2B, 35, 3C, E0, 40, 00, 01, C6, 2B, 0D, 00, E0, 40, 00, 29, D0, 03, 15, 00, E0, 40, 00, 29, 25...

Entropy:
6.5499

Code size:
40.5 KB (41,472 bytes)
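The PE fields above (compilation timestamp, linker version, OS version, subsystem, entry address and the first entry-point bytes) are what an analyst checks first when a file claims to be a known product. The script below is an added example written for this page; it is not code from Reason Core Security or from the Pidgin project. Using only the Python standard library it parses the DOS, COFF, optional and section headers of a PE32 image, maps the entry-point RVA to file bytes, hashes the file against the MD5/SHA-1/SHA-256 values listed above, and flags a compile timestamp that predates the linker that produced the file. The linker-version release-year table is an assumption (a partial lookup, extend as needed), and the sample image it runs against by default is constructed inline from the header values shown on this page; it is not the real setup.exe. Pass a path on the command line to run it against a real file.

```python
"""Header triage for a Win32 PE file: hash it against the IOCs on this page and
check the PE metadata for the inconsistencies an analyst looks for (a compile
timestamp older than the toolchain, an entry point mapping to no section)."""
import calendar
import hashlib
import struct
from datetime import datetime, timezone

# Hashes published for setup.exe on this page.
KNOWN_BAD = {
    "md5": "62b62a087e65aa4ff0ddcfafe17f63e2",
    "sha1": "be8026a0e5e98a7287d5c06bca29b1ad9d11427e",
    "sha256": "43bb144ad26f5ce55edc3e94a610258918295da0a0065a9b8d43fd677a35fe10",
}
# Year each MSVC linker major version shipped (assumption: partial table,
# enough to sanity-check a compile timestamp; extend as needed).
LINKER_RELEASE_YEAR = {6: 1998, 7: 2002, 8: 2005, 9: 2007, 10: 2010,
                       11: 2012, 12: 2013, 14: 2015}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the buffer, hex-encoded."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_BAD}


def ioc_match(data: bytes) -> list:
    """Names of the IOC hashes the buffer matches (empty list if none)."""
    digests = file_hashes(data)
    return sorted(n for n, v in KNOWN_BAD.items() if digests[n] == v)


def parse_pe(data: bytes) -> dict:
    """Extract the header fields shown on this page and list anomalies."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab ptr,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    _, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header, standard fields (PE32 only): Magic, linker major/minor,
    # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, EntryPoint, ...
    magic, lmaj, lmin, size_of_code, _, _, entry_rva, _, _ = struct.unpack_from(
        "<HBBIIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    # Windows-specific fields from ImageBase up to Subsystem.
    _, _, _, os_maj, os_min, _, _, _, _, _, _, _, _, subsystem = struct.unpack_from(
        "<IIIHHHHHHIIIIH", data, opt + 28)

    # Map the entry-point RVA to a file offset through the section table.
    entry_bytes = None
    sec_off = opt + opt_size
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            file_off = entry_rva - vaddr + rawptr
            entry_bytes = bytes(data[file_off:file_off + 16])
            break

    built = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    anomalies = []
    shipped = LINKER_RELEASE_YEAR.get(lmaj)
    if shipped is not None and built.year < shipped:
        anomalies.append(f"compile timestamp {built.year} predates linker {lmaj}.{lmin} "
                         f"(shipped {shipped}); timestamp was altered")
    if built > datetime.now(timezone.utc):
        anomalies.append("compile timestamp is in the future")
    if entry_bytes is None:
        anomalies.append("entry point RVA maps to no section")
    return {"timestamp": built.isoformat(), "linker": (lmaj, lmin),
            "os_version": f"{os_maj}.{os_min}",
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
            "entry_rva": entry_rva, "entry_bytes": entry_bytes,
            "code_size": size_of_code, "anomalies": anomalies}


def build_sample() -> bytes:
    """Constructed minimal PE32 image (NOT the real setup.exe) whose header
    fields copy the values on this page: 2000-02-12 15:32:02 UTC, linker 10.0,
    entry 0x1190, OS 5.1, GUI subsystem, code size 41472, first entry bytes."""
    ts = calendar.timegm((2000, 2, 12, 15, 32, 2))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    std = struct.pack("<HBBIIIIII", 0x10B, 10, 0, 41472, 0, 0, 0x1190, 0x1000, 0x2000)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1,
                      0, 0x3000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytes(128)                                            # 16 empty data directories
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x400, 0x1000, 0x400, 0x200,
                           0, 0, 0, 0, 0x60000020)               # code, readable, executable
    header = (bytes(dos) + b"PE\0\0" + coff + std + win + dirs + text_hdr).ljust(0x200, b"\0")
    text = bytearray(0x400)
    prologue = bytes.fromhex("5589e5e807000000c9c3")            # first bytes listed under "Entry point"
    text[0x190:0x190 + len(prologue)] = prologue                 # RVA 0x1190 -> .text + 0x190
    return header + bytes(text)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample()
    print("IOC match:", ioc_match(blob) or "none")
    for key, value in parse_pe(blob).items():
        print(f"{key:>12}: {value.hex() if isinstance(value, bytes) else value}")
```

Run against the constructed sample, the anomaly list contains the timestamp-versus-linker finding; run against a real download of setup.exe, ioc_match() should return all three hash names if the file is the one this page describes. The linker check is deliberately one-directional: a timestamp later than the toolchain is normal, a timestamp earlier than the toolchain's release year cannot be genuine.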

The file setup.exe has been seen being distributed from google.com.vn.

Remove setup.exe - Powered by Reason Core Security