setup.exe

Viesema

The executable setup.exe has been detected as malware by 24 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from fs11n2.sendspace.com.
Product:
Viesema

Version:
1.0.0.0

MD5:
be1b60fd808c6db93e13242296969cb5

SHA-1:
f88c6885d5ff2c8fac961fe2121afb24260cf049

SHA-256:
8c3c39fffa6401eb23dc496bdb1d1690b1178150742dc30ed8c66d1b771cbf2f

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/24/2024 9:48:42 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Barys.875
239

Avira AntiVirus
TR/Dropper.MSIL.mpzj
8.3.3.4

Arcabit
Trojan.Barys.875
1.0.0.688

avast!
Win32:Malware-gen
2014.9-160610

AVG
MSIL10
2017.0.2717

Bitdefender
Gen:Variant.Barys.875
1.0.20.810

Dr.Web
Trojan.DownLoader21.32962
9.0.1.0162

Emsisoft Anti-Malware
Gen:Variant.Barys.875
8.16.06.10.03

ESET NOD32
MSIL/Injector.PBF (variant)
10.13537

Fortinet FortiGate
MSIL/Kryptik.FYE!tr
6/10/2016

F-Secure
Gen:Variant.Barys.875
11.2016-10-06_6

G Data
Gen:Variant.Barys.875
16.6.25

K7 AntiVirus
Riskware
13.226.19691

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.79

Malwarebytes
Backdoor.Agent.BDB
v2016.06.10.03

McAfee
Artemis!BE1B60FD808C
5600.6373

Microsoft Security Essentials
Backdoor:Win32/Oztratz.A
1.1.12804.0

MicroWorld eScan
Gen:Variant.Barys.875
17.0.0.486

NANO AntiVirus
Trojan.Win32.DownLoader21.ebyuty
1.0.30.8482

Qihoo 360 Security
HEUR/QVM03.0.0000.Malware.Gen
1.0.0.1120

Rising Antivirus
Trojan.Generic!8.C3-ZTmw4QZ7llN (Cloud)
23.00.65.16608

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Injector
9091

VIPRE Antivirus
Trojan.Win32.Generic
49606

File size:
804 KB (823,296 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Viesema 2016

Original file name:
Viesema.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
4/25/2016 10:53:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:B3PuEAnoXDXNTwHIk1/Xa7J+0UpV+LPDtlBT2N:B/uEA4dTwHP/Xa7tUbKlBT2N

Entry address:
0x882CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
537 KB (549,888 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security