setup_332.exe

极速拷贝

Beijing Yida Hongtian Technology Co.,Ltd.

The application setup_332.exe by Beijing Yida Hongtian Technology Co.,Ltd has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dl2.869v.com.
Publisher:

Product:
极速拷贝

Description:
快速拷贝软件

Version:
1.0.0.1

MD5:
45ab1777b076a4f4535505aca379bc6c

SHA-1:
f8180c8479e033a777b64ad32d04a037c39041ae

SHA-256:
09ab0cede56a57fda14c7199af8dafd4ec507eca842d0640d88a67bb10a092b7

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:43:46 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Hacktool.Win32.NSISmod
4.0.3.16529

Bkav FE
W32.FamVT.YantaiTTc
1.3.0.7237

Clam AntiVirus
Win.Trojan.691128
0.98/21511

Comodo Security
UnclassifiedMalware
23322

Dr.Web
Trojan.KillFiles.28526
9.0.1.0150

ESET NOD32
Win32/Packed.NSISmod.A suspicious (variant)
10.12327

Fortinet FortiGate
W32/Generic.AC.18053
5/29/2016

IKARUS anti.virus
PUA.NSISmod
t3scan.1.9.5.0

McAfee
Artemis!45AB1777B076
5600.6384

NANO AntiVirus
Riskware.Win32.ShouQu.dmnfjx
0.30.26.3725

File size:
2.5 MB (2,598,304 bytes)

Product version:
1.0.0.1

Copyright:
(C) 极速拷贝

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\setup_332.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
8/27/2014 3:34:18 PM

Valid to:
8/27/2015 3:34:18 PM

Subject:
CN="Beijing Yida Hongtian Technology Co.,Ltd.", E=pcdown@yeah.net, O="Beijing Yida Hongtian Technology Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
771884F7DA9404D8392AA19455F93B57

File PE Metadata
Compilation timestamp:
3/29/2014 5:42:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:XdjZhVfjSefDdE6kndy7PbbBSVAak2yFAixrBzyiIaUa:Xdvwem6kndyjbVSUPFAifWBa5

Entry address:
0x3DD3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, B1, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 90, 40, 00, 53, FF, 15, 70, 92, 40, 00, 6A, 08, A3, 78, 5F, 42, 00, E8, 55, 3D, 00, 00, A3, E4, 5E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 80, 18, 42, 00, FF, 15, 68, 91, 40, 00, 68, B8, B1, 40, 00, 68, E0, 56, 42, 00, E8, 06, 3A, 00, 00, FF, 15, BC, 90, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, F4, 39, 00, 00...
 
[+]

Entropy:
7.9926

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)

The file setup_332.exe has been seen being distributed by the following URL.

Remove setup_332.exe - Powered by Reason Core Security