setup_120.exe

花猫日历

Tiangua (Shanghai) Information Technology Co., Ltd.

The application setup_120.exe by Tiangua (Shanghai) Information Technology Co. has been detected as a potentially unwanted program by 26 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from xiazai.job391.com.
Publisher:
甜瓜(上海)信息技术有限公司  (signed by Tiangua (Shanghai) Information Technology Co., Ltd.)

Product:
花猫日历

Description:
花猫日历 installer

Version:
V1.0

MD5:
95f9b24683064a12982664d40472da5c

SHA-1:
843854d768e5641572d163159e59c0945b185e66

SHA-256:
b556e0c7c563a95c7f25c6347bbcff5de3c5feb8205e70f6049c9e3fd44bda5a

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:02:41 AM UTC

Scan engine             Detection                                       Engine version
Lavasoft Ad-Aware       Gen:Variant.Application.Bundler.Yantai.1        38
AhnLab V3 Security      PUP/Win32.Agent.R182507                         3.7.5.15
Arcabit                 Trojan.Application.Bundler.Yantai.1             1.0.0.774
avast!                  Win32:Malware-gen                               2014.9-161228
AVG                     Malware                                         2017.0.2516
Bitdefender             Gen:Variant.Application.Bundler.Yantai.1        1.0.20.1815
Clam AntiVirus          Win.Trojan.691128-1                             0.98/21511
Dr.Web                  Trojan.KillFiles.28526                          9.0.1.0363
ESET NOD32              Win32/Packed.NSISmod.A suspicious (variant)     10.14182
Fortinet FortiGate      W32/Generic.AC.4685!tr                          12/28/2016
F-Secure                Gen:Variant.Application.Bundler                 11.2016-28-12_4
G Data                  Gen:Variant.Application.Bundler.Yantai          16.12.25
IKARUS anti.virus       PUA.RiskWare.Yantai                             t3scan.2.1.6.0
K7 AntiVirus            Unwanted-Program                                13.2320997
Kaspersky               HEUR:Trojan.Win32.Invader                       14.0.0.-925
McAfee                  Artemis!95F9B2468306                            5600.6172
MicroWorld eScan        Gen:Variant.Application.Bundler.Yantai.1        17.0.0.1089
NANO AntiVirus          Riskware.Win32.ShouQu.dmnfjx                    1.0.38.11617
Quick Heal              AdWare.NSIS.Agent.IG                            12.16.14.00
Sophos                  Generic PUA IE (PUA)                            4.98
SUPERAntiSpyware        Trojan.Agent/Generic                            8689
Trend Micro House Call  TROJ_GEN.R0EBC0OHK16                            7.2.363
Trend Micro             TROJ_GEN.R0EBC0OHK16                            10.465.28
Vba32 AntiVirus         Malware-Cryptor.Inject.gen                      3.12.26.4
VIPRE Antivirus         Trojan.Win32.Generic                            52600
Zillya! Antivirus       Trojan.InvaderCRTD.Win32.614                    2.0.0.3068

File size:
1.8 MB (1,932,464 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015 甜瓜网络

Trademarks:
甜瓜网络

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup_120.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
4/1/2016 8:00:00 AM

Valid to:
4/2/2018 7:59:59 AM

Subject:
CN="Tiangua (Shanghai) Information Technology Co., Ltd.", OU=Administration Department, O="Tiangua (Shanghai) Information Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
57F435713AB3A2C83F514AEDDE1D3DE0

File PE Metadata
Compilation timestamp:
3/29/2014 5:42:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x3DD3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, B1, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 90, 40, 00, 53, FF, 15, 70, 92, 40, 00, 6A, 08, A3, 78, 5F, 42, 00, E8, 55, 3D, 00, 00, A3, E4, 5E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 80, 18, 42, 00, FF, 15, 68, 91, 40, 00, 68, B8, B1, 40, 00, 68, E0, 56, 42, 00, E8, 06, 3A, 00, 00, FF, 15, BC, 90, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, F4, 39, 00, 00...

Entropy:
7.9882

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)

The file setup_120.exe has been seen being distributed by the following URL.

http://xiazai.job391.com/.../?id=120

Powered by Reason Core Security