Setup.exe

Shanghai Tuizhong Network Technology Studio

The file Setup.exe has been detected as malware by 16 anti-virus scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from vip.dns-vip.net.
Publisher:

MD5:
63404e559fbc7fca3f555db3715fff6b

SHA-1:
ce62cda36a31dc4cc4a4d7d7d95b372eee33d165

SHA-256:
a5eb9b868da9adebe0f23b0623f27072118431c315261bdd327ec1a6eee6364d

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
11/24/2024 2:34:20 AM UTC

Scan engine               Detection                    Engine version
Agnitum Outpost           Trojan.DL.Agent              7.1.1
avast!                    NSIS:Malware-gen [Trj]       2014.9-150124
Comodo Security           UnclassifiedMalware          20688
Dr.Web                    Trojan.MulDrop3.58937        9.0.1.024
F-Prot                    W32/Downldr2.IJOH            v6.4.7.1.166
IKARUS anti.virus         Virus.Win32.VBInject         t3scan.1.8.6.0
K7 AntiVirus              Trojan                       13.191.14617
Malwarebytes              Trojan.Downloader.Agent      v2015.01.24.07
McAfee                    Artemis!63404E559FBC         5600.6876
NANO AntiVirus            Trojan.Win32.XPACK.dhbcct    0.30.0.64448
Norman                    Suspicious_Gen2.JYJXQ        11.20150124
Sophos                    AdLoad                       4.98
Trend Micro House Call    TROJ_SPNR.38J913             7.2.24
Trend Micro               TROJ_SPNR.38J913             10.465.24
Vba32 AntiVirus           Backdoor.Agent               3.12.26.3
VIPRE Antivirus           Trojan.Win32.Generic         36594

File size:
2.6 MB (2,761,168 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/12/2013 8:00:00 AM

Valid to:
6/11/2016 7:59:59 AM

Subject:
CN=Shanghai Tuizhong Network Technology Studio, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Tuizhong Network Technology Studio, L=ShangHai, S=ShangHai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
17067005A0EBBDDA152B423715D32628

File PE Metadata
Compilation timestamp:
6/19/2009 5:33:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:mcPeayUlmPpTMIET6P2UV4MDSYbxtVOPsJYOKjTHw8vMWw08hEhj1/B:/Rk1S06MDSYtAPsJY7jTHXwJg

Entry address:
0x3291

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, BA, 2C, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, 80, 36, 42, 00, E8, 43, 29, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 31, 29, 00, 00...

Entropy:
7.9943

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following URL.
