setup_120.exe

花猫日历

Tiangua (Shanghai) Information Technology Co., Ltd.

The application setup_120.exe by Tiangua (Shanghai) Information Technology Co. has been detected as a potentially unwanted program by 30 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from xiazai.job391.com.
Publisher:
甜瓜(上海)信息技术有限公司 (signed by Tiangua (Shanghai) Information Technology Co., Ltd.)

Product:
花猫日历

Description:
花猫日历 installer

Version:
V1.0

MD5:
efeb27f0c50352cc0d6e4073a88a59d8

SHA-1:
65e5417c5aeb339cf9dd5592c63cf427b9685a8a

SHA-256:
42687ff876008c2108949c4e493287b078c87b534a4efdd489aebfac42fefa42

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 5:01:48 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Yantai.1 | 38
AegisLab AV Signature | Troj.W32.Invader!c | 2.1.4+
AhnLab V3 Security | PUP/Win32.Agent.R182507 | 3.8.2.16
Avira AntiVirus | ADWARE/Xpyn.rkvkz | 8.3.3.4
Arcabit | Trojan.Application.Bundler.Yantai.1 | 1.0.0.789
avast! | Win32:Malware-gen | 2014.9-161228
AVG | Malware | 2017.0.2516
Bitdefender | Gen:Variant.Application.Bundler.Yantai.1 | 1.0.20.1815
Clam AntiVirus | Win.Trojan.691128-1 | 0.99.211
Dr.Web | Trojan.KillFiles.28526 | 9.0.1.0363
ESET NOD32 | Win32/Packed.NSISmod.A suspicious (variant) | 10.14562
Fortinet FortiGate | W32/Generic.AC.4685!tr | 12/28/2016
F-Secure | Gen:Variant.Application.Bundler | 11.2016-28-12_4
G Data | Gen:Variant.Application.Bundler.Yantai | 16.12.25
IKARUS anti.virus | PUA.NSISmod | 0.1.3.4
K7 AntiVirus | Unwanted-Program | 13.245.21735
Kaspersky | HEUR:Trojan.Win32.Invader | 14.0.0.-925
McAfee | Artemis!EFEB27F0C503 | 5600.6172
MicroWorld eScan | Gen:Variant.Application.Bundler.Yantai.1 | 17.0.0.1089
NANO AntiVirus | Riskware.Win32.ShouQu.dmnfjx | 1.0.70.13328
Panda Antivirus | Generic Malware | 16.12.28.12
Quick Heal | AdWare.NSIS.Agent.IG | 12.16.14.00
Sophos | Generic PUA GF (PUA) | 4.98
SUPERAntiSpyware | Trojan.Agent/Generic | 8689
Trend Micro House Call | TROJ_GEN.R02KC0EHQ16 | 7.2.363
Trend Micro | TROJ_GEN.R02KC0EHQ16 | 10.465.28
Vba32 AntiVirus | Malware-Cryptor.Inject.gen | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 54298
ViRobot | Trojan.Win32.Z.Bundler.1932464.S[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.InvaderCRTD.Win32.614 | 2.0.0.3145

File size:
1.8 MB (1,932,464 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015 甜瓜网络

Trademarks:
甜瓜网络

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup_120.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/1/2016 8:00:00 AM

Valid to:
4/2/2018 7:59:59 AM

Subject:
CN="Tiangua (Shanghai) Information Technology Co., Ltd.", OU=Administration Department, O="Tiangua (Shanghai) Information Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
57F435713AB3A2C83F514AEDDE1D3DE0

File PE Metadata
Compilation timestamp:
3/29/2014 5:42:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x3DD3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, B1, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 90, 40, 00, 53, FF, 15, 70, 92, 40, 00, 6A, 08, A3, 78, 5F, 42, 00, E8, 55, 3D, 00, 00, A3, E4, 5E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 80, 18, 42, 00, FF, 15, 68, 91, 40, 00, 68, B8, B1, 40, 00, 68, E0, 56, 42, 00, E8, 06, 3A, 00, 00, FF, 15, BC, 90, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, F4, 39, 00, 00...

Entropy:
7.9882

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)

The file setup_120.exe has been seen being distributed by the following URL.

http://xiazai.job391.com/.../?id=120

Remove setup_120.exe - Powered by Reason Core Security