setup.exe

The executable setup.exe has been detected as malware by 35 anti-virus scanners. It is a setup program used to install the application. It is set to execute automatically when any user logs into Windows (through the local user Run registry setting), under the name ‘NetworkNotifyer’. The file has been seen being downloaded from pl-pl.facebook.com.
MD5:
897d120aa00e7fe2207dc93875c33f89

SHA-1:
c23d9c88d5eeea711dff4d198342b0abf7bbd675

SHA-256:
b25391aeb6140e9e1d12915e62f55642d72df0c47baadd891a3f8956733e76df

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
12/25/2024 2:40:49 PM UTC

Scan engine                    | Detection                      | Engine version
Lavasoft Ad-Aware              | Trojan.Injector.BIZ            | 360
Agnitum Outpost                | Trojan.Injector                | 7.1.1
AhnLab V3 Security             | Trojan/Win32.CeeInject         | 2015.06.06
Avira AntiVirus                | TR/Kelihos.A.227               | 8.3.1.6
Arcabit                        | Trojan.Injector.BIZ            | 1.0.0.425
avast!                         | Win32:Kryptik-PHV [Trj]        | 2014.9-160210
AVG                            | Inject2                        | 2017.0.2838
Baidu Antivirus                | Trojan.Win32.Injector          | 4.0.3.16210
Bitdefender                    | Trojan.Injector.BIZ            | 1.0.20.205
Bkav FE                        | W32.KelihosMulti.Trojan        | 1.3.0.6379
Comodo Security                | UnclassifiedMalware            | 22352
Dr.Web                         | Trojan.PWS.Tinba.246           | 9.0.1.041
Emsisoft Anti-Malware          | Trojan.Injector.BIZ            | 8.16.02.10.10
ESET NOD32                     | Win32/Injector.BZVV (variant)  | 10.11743
Fortinet FortiGate             | W32/BZVV!tr                    | 2/10/2016
F-Secure                       | Trojan.Injector.BIZ            | 11.2016-10-02_4
G Data                         | Trojan.Injector.BIZ            | 16.2.25
IKARUS anti.virus              | Trojan.Win32.Kelihos           | t3scan.1.9.5.0
K7 AntiVirus                   | Trojan                         | 13.204.16151
Kaspersky                      | HEUR:Trojan.Win32.Generic      | 14.0.0.683
Malwarebytes                   | Trojan.Kelihos.Dr              | v2016.02.10.10
McAfee                         | PWSZbot-FAJM!897D120AA00E      | 5600.6494
Microsoft Security Essentials  | VirTool:Win32/CeeInject        | 1.1.11701.0
MicroWorld eScan               | Trojan.Injector.BIZ            | 17.0.0.123
NANO AntiVirus                 | Trojan.Win32.Tinba.drhvay      | 0.30.24.1636
nProtect                       | Trojan.Injector.BIZ            | 15.06.05.01
Panda Antivirus                | Generic Suspicious             | 16.02.10.10
Qihoo 360 Security             | HEUR/QVM20.1.Malware.Gen       | 1.0.0.1015
Quick Heal                     | Trojan.CeeInject.g4            | 2.16.14.00
Sophos                         | Troj/HkMain-DP                 | 4.98
Trend Micro House Call         | TROJ_GEN.R047C0EED15           | 7.2.41
Trend Micro                    | TROJ_GEN.R047C0EED15           | 10.465.10
Vba32 AntiVirus                | OScope.Malware-Cryptor.Hlux    | 3.12.26.4
VIPRE Antivirus                | Trojan.Win32.Generic           | 40868
Zillya! Antivirus              | Trojan.Injector.Win32.260203   | 2.0.0.2207

File size:
1.5 MB (1,535,412 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
4/14/2015 10:01:10 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:/FMbpATUZ24/3Akc16X++nKCmL3V2n295rWQlC8pesmrpuOWYZvLh4gp7MkK:/2VJl3AkMxcmrkngBWQldp4oOdZvDpRK

Entry address:
0x2394

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9827  (probably packed)

Code size:
1.1 MB (1,122,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NetworkNotifyer

Command:
C:\users\{user}\downloads\setup.exe

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security