setup_1_51832_019.exe

天宁区茶山极速图文设计工作室

The application setup_1_51832_019.exe by 天宁区茶山极速图文设计工作室 has been detected as a potentially unwanted program by 21 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
酷熊桌面B (signed by 天宁区茶山极速图文设计工作室)

Product:
酷熊桌面B

Version:
3.0.0.0

MD5:
52914b22f36585079fd350e77e259209

SHA-1:
b2edf1d8fff3c1d463754fc47b2963d934b6122a

SHA-256:
c989f1813e9e335b10125c23cadd974f9f73dbf40c6098a28e285bee6d807ddb

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 1:45:15 PM UTC

Scan engine             Detection                                  Engine version
Lavasoft Ad-Aware       Gen:Variant.Mikey.35322                    250
AegisLab AV Signature   Variant.Strictor.Gen!c                     2.1.4+
AhnLab V3 Security      Trojan/Win32.Genome                        2016.05.30
Avira AntiVirus         TR/Downloader.Gen                          8.3.3.4
Arcabit                 Trojan.Mikey.D89FA                         1.0.0.688
avast!                  Win32:Malware-gen                          2014.9-160530
Bitdefender             Gen:Variant.Mikey.35322                    1.0.20.755
Comodo Security         TrojWare.Win32.TrojanDropper.Agent.HNMS    25129
Dr.Web                  Trojan.MulDrop6.13156                      9.0.1.0151
Emsisoft Anti-Malware   Gen:Variant.Mikey.35322                    8.16.05.30.04
F-Prot                  W32/Agent.EW.gen                           v6.4.7.1.166
F-Secure                Trojan:W32/DelfInject.R                    11.2016-30-05_2
G Data                  Gen:Variant.Mikey.35322                    16.5.25
IKARUS anti.virus       AdWare.Win32.FlyStudio                     t3scan.2.0.9.0
McAfee                  Artemis!52914B22F365                       5600.6384
MicroWorld eScan        Gen:Variant.Mikey.35322                    17.0.0.453
NANO AntiVirus          Trojan.Win32.MulDrop6.dyseru               1.0.30.8482
Rising Antivirus        Trjoan.Generic-Rd3hQXflymN (Cloud)         23.00.65.16528
Trend Micro             TROJ_GEN.R0EBC0EKD15                       10.465.30
VIPRE Antivirus         Trojan.Win32.Generic                       49730
Zillya! Antivirus       Trojan.InstallCore.Win32.1103              2.0.0.2898

File size:
4.2 MB (4,407,888 bytes)

Product version:
3.0.0.0

Copyright:
酷熊桌面B

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\programs\setup_1_51832_019.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
9/25/2015 8:20:29 AM

Valid to:
4/25/2016 8:20:29 AM

Subject:
CN=天宁区茶山极速图文设计工作室, E=zaqwe2222@163.com, O=天宁区茶山极速图文设计工作室, L=常州市, S=江苏省, C=CN

Issuer:
CN=CA 沃通 OV 代码签名证书 G2, O=WoSign CA Limited, C=CN

Serial number:
1BACA5042DE9F7D61AAC209657B8781E

File PE Metadata
Compilation timestamp:
11/8/2015 9:06:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:96Xea4UghCr9w89XK3hZ/1W+/z9+mdi8MFfLAxG+qd30ooA7dJx13d8QNqMchwCN:3QY3P/13Imdi8yfLyG+03jocdtppdm

Entry address:
0xC818F

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 43, 80, 00, 68, 78, AF, 4C, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, D4, B1, 4E, 00, 33, D2, 8A, D4, 89, 15, C4, 7E, 85, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, C0, 7E, 85, 00, C1, E1, 08, 03, CA, 89, 0D, BC, 7E, 85, 00, C1, E8, 10, A3, B8, 7E, 85, 00, 6A, 01, E8, F1, 5B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 9C, 59, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
6.5248

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
936 KB (958,464 bytes)
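
The file-level fields above (the three digests, the entropy figure, the PE header values, the entry-point byte dump and the certificate validity window) can be re-derived from the raw bytes and checked against one another. The script below is an added example, not Reason Core Security's code or tooling: it parses the PE32 headers by hand with struct, computes MD5/SHA-1/SHA-256 and byte entropy, confirms that McAfee's Artemis!52914B22F365 name is simply the first 12 hex digits of the MD5, matches the entry-point bytes against the opening of the Visual C++ 6.0 CRT startup routine (inlined SEH frame setup followed by the GetVersion() result being split into the CRT's _osver/_winmajor/_winminor/_winver globals), which corroborates the "Microsoft Visual C++ v6.0" identification, and places the compilation timestamp inside the certificate's validity window. Because the installer itself is not available here, the image it parses is a constructed stub carrying the report's header values; the certificate times are assumed to be UTC, which the report does not state; and VC6_CRT_STARTUP is the author's own wildcarded byte signature, not something taken from the report or from any vendor's engine.

```python
# Added example (not Reason Core Security's code): re-derive and cross-check the report's file-level fields.
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

UTC = timezone.utc

def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 as lowercase hex, the three digests the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole file (0.0 .. 8.0); packing or encryption pushes it toward 8."""
    n = len(data)
    return 0.0 if n == 0 else -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def artemis_name(md5_hex: str) -> str:
    """McAfee GTI cloud detections are named after the first 12 hex digits of the file's MD5."""
    return "Artemis!" + md5_hex[:12].upper()

def parse_pe32_header(data: bytes) -> dict:
    """Read the COFF / optional-header fields the report shows from a PE32 image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _machine, _nsections, ts = struct.unpack_from("<HHI", data, pe + 4)
    opt = pe + 24                                                 # 4-byte signature + 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "compiled": datetime.fromtimestamp(ts, tz=UTC).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }

def parse_byte_list(text: str) -> bytes:
    """Turn the report's '55, 8B, EC, ...' listing into bytes; a trailing '...' is dropped."""
    return bytes(int(t, 16) for t in (s.strip().rstrip(".") for s in text.split(",")) if t)

# Author's own wildcarded signature for how a VC6 CRT entry point opens: inlined SEH frame setup,
# then the GetVersion() result split into the CRT's _osver/_winmajor/_winminor/_winver globals.
VC6_CRT_STARTUP = (
    "55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 "
    "83 EC ?? 53 56 57 89 65 E8 FF 15 ?? ?? ?? ?? 33 D2 8A D4 89 15 ?? ?? ?? ?? 8B C8 "
    "81 E1 FF 00 00 00 89 0D ?? ?? ?? ?? C1 E1 08 03 CA 89 0D ?? ?? ?? ?? C1 E8 10 A3"
)

def matches_pattern(code: bytes, pattern: str) -> bool:
    """Byte-signature match anchored at offset 0; '??' matches any byte (addresses differ per binary)."""
    toks = pattern.split()
    return len(code) >= len(toks) and all(t == "??" or code[i] == int(t, 16) for i, t in enumerate(toks))

def cert_status_at(when: datetime, not_before: datetime, not_after: datetime) -> str:
    # Window check only: past expiry an Authenticode signature keeps verifying only with a trusted
    # timestamp countersignature, and the report does not show whether one is present.
    return "not yet valid" if when < not_before else "expired" if when > not_after else "valid"

def build_sample_pe32() -> bytes:
    """Constructed 312-byte PE32 stub carrying the report's header values (no sections, no code)."""
    compiled = int(datetime(2015, 11, 8, 21, 6, 17, tzinfo=UTC).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, compiled, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 6, 0,                                # PE32, linker 6.0
                      958_464, 0, 0, 0xC818F, 0x1000, 0, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0,                           # OS 4.0, image 0.0, subsystem 4.0
                      0, 0, 0x200, 0, 2, 0)                       # ..., Subsystem 2 = Windows GUI
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")

REPORT = {  # copied from the report above; certificate times assumed UTC (the report gives no zone)
    "md5": "52914b22f36585079fd350e77e259209",
    "mcafee": "Artemis!52914B22F365",
    "cert_not_before": datetime(2015, 9, 25, 8, 20, 29, tzinfo=UTC),
    "cert_not_after": datetime(2016, 4, 25, 8, 20, 29, tzinfo=UTC),
    "analysis": datetime(2024, 11, 5, 13, 45, 15, tzinfo=UTC),
    "entry_bytes": ("55, 8B, EC, 6A, FF, 68, 20, 43, 80, 00, 68, 78, AF, 4C, 00, 64, A1, 00, 00, 00, 00, "
                    "50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, D4, B1, "
                    "4E, 00, 33, D2, 8A, D4, 89, 15, C4, 7E, 85, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, "
                    "0D, C0, 7E, 85, 00, C1, E1, 08, 03, CA, 89, 0D, BC, 7E, 85, 00, C1, E8, 10, A3, B8..."),
}

def cross_check(data: bytes) -> dict:
    hdr = parse_pe32_header(data)
    compiled = datetime.strptime(hdr["compiled"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=UTC)
    nb, na = REPORT["cert_not_before"], REPORT["cert_not_after"]
    return {
        "mcafee_name_is_md5_prefix": artemis_name(REPORT["md5"]) == REPORT["mcafee"],
        "entry_is_vc6_crt_startup": matches_pattern(parse_byte_list(REPORT["entry_bytes"]), VC6_CRT_STARTUP),
        "compiled_inside_cert_window": cert_status_at(compiled, nb, na) == "valid",
        "cert_status_at_analysis": cert_status_at(REPORT["analysis"], nb, na),
    }
```

`cross_check(build_sample_pe32())` returns the four consistency results; on a real sample, pass `open(path, "rb").read()` instead and compare `file_hashes()` with the MD5/SHA-1/SHA-256 above before trusting any other field, since the hashes are the only link between this report and the bytes on disk. The window check says nothing about whether the signature verifies today: the certificate expired on 4/25/2016, so on the analysis date the signature only chains if a trusted timestamp countersignature exists, which the report does not show either way.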

Remove setup_1_51832_019.exe - Powered by Reason Core Security