setup_120.exe

花猫日历

Tiangua (Shanghai) Information Technology Co., Ltd.

The application setup_120.exe by Tiangua (Shanghai) Information Technology Co. has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
甜瓜(上海)信息技术有限公司  (signed by Tiangua (Shanghai) Information Technology Co., Ltd.)

Product:
花猫日历

Description:
花猫日历安装程序

Version:
V1.0

MD5:
6b66dc9dedff21730b2e39e470b1d40f

SHA-1:
29bd61d4006168037557f7a2d73cf7342212d6af

SHA-256:
d931c38bf4722e303f9788fcbb77df5068ab25d36c0f2e323280eb1d907e3dba

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:36:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Yantai.1 | -18 |
| AhnLab V3 Security | PUP/Win32.Agent.R182507 | 3.7.5.15 |
| Arcabit | Trojan.Application.Bundler.Yantai.1 | 1.0.0.742 |
| avast! | Win32:Malware-gen | 2014.9-170222 |
| AVG | Malware | 2018.0.2460 |
| Bitdefender | Gen:Variant.Application.Bundler.Yantai.1 | 1.0.20.265 |
| Clam AntiVirus | Win.Trojan.691128-1 | 0.98/21511 |
| Dr.Web | Trojan.KillFiles.28526 | 9.0.1.053 |
| ESET NOD32 | Win32/Packed.NSISmod.A suspicious (variant) | 11.13897 |
| Fortinet FortiGate | W32/Generic.AC.4685!tr | 2/22/2017 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2017-22-02_4 |
| G Data | Gen:Variant.Application.Bundler.Yantai | 17.2.25 |
| IKARUS anti.virus | PUA.RiskWare.Yantai | t3scan.2.1.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.235.20428 |
| Kaspersky | HEUR:Trojan.Win32.Invader | 14.0.0.-1206 |
| Malwarebytes | PUP.Optional.Bundler | v2017.02.22.04 |
| McAfee | Artemis!6B66DC9DEDFF | 5600.6116 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Yantai.1 | 18.0.0.159 |
| NANO AntiVirus | Riskware.Win32.ShouQu.dmnfjx | 1.0.38.8984 |
| SUPERAntiSpyware | Trojan.Agent/Generic | 8577 |
| Vba32 AntiVirus | Malware-Cryptor.Inject.gen | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 51284 |
| Zillya! Antivirus | Trojan.InvaderCRTD.Win32.614 | 2.0.0.2989 |

File size:
1.8 MB (1,932,496 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015甜瓜网络

Trademarks:
甜瓜网络

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\setup_120.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/1/2016 8:00:00 AM

Valid to:
4/2/2018 7:59:59 AM

Subject:
CN="Tiangua (Shanghai) Information Technology Co., Ltd.", OU=Administration Department, O="Tiangua (Shanghai) Information Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
57F435713AB3A2C83F514AEDDE1D3DE0

File PE Metadata
Compilation timestamp:
3/29/2014 5:42:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x3DD3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, B1, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 90, 40, 00, 53, FF, 15, 70, 92, 40, 00, 6A, 08, A3, 78, 5F, 42, 00, E8, 55, 3D, 00, 00, A3, E4, 5E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 80, 18, 42, 00, FF, 15, 68, 91, 40, 00, 68, B8, B1, 40, 00, 68, E0, 56, 42, 00, E8, 06, 3A, 00, 00, FF, 15, BC, 90, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, F4, 39, 00, 00...
 

Entropy:
7.9881

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)
