Setup.exe

Shanghai Quxiu Network Technology Co., Ltd.

This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from click.am1.adm.cnzz.net and multiple other hosts.
Publisher:
drilldown   (signed by Shanghai Quxiu Network Technology Co., Ltd.)

Product:
drilldown

Version:
2015.1123.1146.10

MD5:
6aa47ab546e0df21465da10afe53cb41

SHA-1:
ec1b1390282894091b5b4d7b6d8247fe66de2fa3

SHA-256:
2211c34998b0fbafd88021d70cc379d05d7a23a64ca03a829c9ba2ce1de518fd

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 3:52:37 AM UTC  (today)

Scan engine          Detection                     Engine version
avast!               Win32:Malware-gen             2014.9-151201
IKARUS anti.virus    Trojan.Win32.Skeeyah          t3scan.1.9.5.0
Zillya! Antivirus    Adware.Agent.Win32.84769      2.0.0.2527

File size:
5.1 MB (5,335,232 bytes)

Product version:
1.0

Copyright:
Copyright © 2012-2015 drilldown, Inc.

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/3/2015 12:48:47 AM

Valid to:
11/3/2016 1:48:47 AM

Subject:
CN="Shanghai Quxiu Network Technology Co., Ltd.", O="Shanghai Quxiu Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
1A10980D0D4433FACBFFB8D11EBEDE30

File PE Metadata
Compilation timestamp:
11/13/2015 3:20:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:sdkJbNiZY3SiQDMwYuTfGKte9HMwAI/49WdjXSwhssKzK1PP/35He+:TqY3bO73TfGKQJMPIwW7vKtK1xD

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 34, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 1E, D8, FF, FF, E8, 6D, D3, FF, FF, 80, 3D, E8, 2A, 41, 00, 00, 74, 0C, E8, 33, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 54, 86...

Entropy:
7.9914

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file Setup.exe has been seen being distributed by the following 3 URLs.

http://click.am1.adm.cnzz.net/click.php?m4c=zcEspnNNI,v1NGpB18pQiQsfFQVbGB41Ek9wU0BIOVBIVCFIXhxQWRVTX1hLdCpeHlESEBxZRlJfWEVPR1ksdhVvExcTdjMXGnMWCwY5BQgMCxMUUWs8AQ..

http://ini.pinguopai.cn/hezi/.../setup_loldytt-HD.php

Scan Setup.exe - Powered by Reason Core Security