setup421.exe

音速启动

Shanghai Gaoxin Computer System Co.,ltd

The executable setup421.exe, published by Shanghai Gaoxin Computer System Co.,ltd, is a potentially unwanted program that has been detected by 4 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from vip.dns-vip.net.
Publisher:
Shanghai Gaoxin Computer System Co.,ltd

Product:
音速启动

Description:
音速启动安装程序

Version:
5.7.0.140523

MD5:
31dc1f9294806eccef93ad4eff311fc0

SHA-1:
3449604672054492e5bce174f9d44104032bb5b5

SHA-256:
8ca803c4917e55c19522d7a60a32910a604a5b09d48f00fe5507aa3d99523668

Scanner detections:
4 / 68

Status:
Inconclusive but possibly unwanted (There is not enough data for a 100% detection)

Analysis date:
11/5/2024 2:23:25 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| IKARUS anti.virus | Win32.Malware | t3scan.1.6.1.0 |
| McAfee | Artemis!31DC1F929480 | 5600.7104 |
| Sophos | Mal/Emogen-F | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0603 | 7.2.160 |

File size:
2.4 MB (2,525,736 bytes)

Copyright:
(C) http://www.3lsoft.com/

File type:
Executable application (Win64 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup421.exe

Digital Signature
Subject:
CN="Shanghai Gaoxin Computer System Co.,ltd", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanghai Gaoxin Computer System Co.,ltd", L=Shanghai, S=Shanghai, C=CN

Serial number:
3252B61CBBBA434FC4C89A24F5ED7D30

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:sdfH2PsAQ9niEF7qylDkkmErFgEYEG2zLs/yhB3SPHQgJ743GiGNNRzlf:sduDQpiS76kmE5gEYEGF/yhB3iHxJ74O

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, A8, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, FE, 24, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 3B, 74, 40, 00, FF, 15, 58, 71, 40, 00, 68, 30, 74, 40, 00, 68, C0, 33, 42, 00, E8, F0, 23, 00, 00, FF, 15, B0, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, DE, 23, 00, 00...
 

Entropy:
7.9927

Packer / compiler:
Nullsoft install system v2.x

The file setup421.exe has been seen being distributed by the following URL.

Scan setup421.exe - Powered by Reason Core Security