setup_3410.exe

BYYB安装

GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.

The setup program setup_3410.exe, published by GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD., has been flagged as a potentially unwanted program by 22 anti-malware scanners. It is an installer used to set up the application. The file has been observed being downloaded from cdn6.wuji.com and several other hosts.
Product: BYYB安装
Description: BYYB installer
Version: 1.14.12.11
MD5: 7b800d9d08681030b715b5e2ecf45a14
SHA-1: 159d1cb3dd841d8b9be51bfd289abd0b7f56d64d
SHA-256: 89704d8d81a87e4b6b75d704fb31f2d4d7a40de77fe4a352e94bd89e3a8aafa0
Scanner detections: 22 / 68
Status: Potentially unwanted
Analysis date: 11/24/2024 2:46:10 AM UTC

Scan engine             Detection                               Engine version
Lavasoft Ad-Aware       Gen:Variant.Strictor.72872              763
Agnitum Outpost         Riskware.Agent                          7.1.1
Avira AntiVirus         TR/wuji.5722696                         7.11.198.192
Bitdefender             Gen:Variant.Strictor.72872              1.0.20.15
Comodo Security         UnclassifiedMalware                     20542
Dr.Web                  DLOADER.Trojan                          9.0.1.03
Emsisoft Anti-Malware   Gen:Variant.Strictor.72872              8.15.01.03.06
ESET NOD32              Win32/WuJi (variant)                    9.10947
Fortinet FortiGate      Riskware/WuJi                           1/3/2015
F-Secure                Gen:Variant.Strictor.72872              11.2015-03-01_7
G Data                  Gen:Variant.Strictor.72872              15.1.24
IKARUS anti.virus       PUA.WuJi                                t3scan.1.8.5.0
K7 AntiVirus            Trojan                                  13.188.14496
McAfee                  PUP-FNT                                 5600.6897
MicroWorld eScan        Gen:Variant.Strictor.72872              16.0.0.9
Norman                  Suspicious_Gen4.HJUPD                   11.20150103
Panda Antivirus         Trj/CI.A                                15.01.03.06
Sophos                  Generic PUA BF                          4.98
Trend Micro House Call  TROJ_GEN.F0C2C00LJ14                    7.2.3
Trend Micro             TROJ_GEN.F0C2C00LJ14                    10.465.03
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h    3.12.26.3
VIPRE Antivirus         Trojan.Win32.Generic                    36238

File size: 5.5 MB (5,722,696 bytes)
Product version: 1.14.12.11
Copyright: Copyright (C) 2014
Original file name: Setup.exe
File type: Executable application (Win32 EXE)
Language: Chinese
Common path: C:\users\{user}\downloads\programs\setup_3410.exe

Digital Signature
Authority: Thawte, Inc.
Valid from: 4/14/2014 2:00:00 AM
Valid to: 4/15/2015 1:59:59 AM
Subject: CN="GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.", O="GuangxiNanningshi Shengjuguangzaixian Info Tech Co.,LTD.", L=Nanning, S=Guangxi, C=CN
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 2BAC93FD3FE5B005036AD0D4C873C6E5

File PE Metadata
Compilation timestamp: 12/12/2014 3:11:10 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 98304:pF9xB2M9eUIUvGGP21ZXbxtWvFOOLGP1NX9u1z8VQViMExIwkMyUpyMDVi:ZxIM91IUuGPsXbxtWoOLG4UzdxLkMyUS
Entry address: 0x321C8
Entry point: E8, 15, 98, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2, 01, 0F, AB, 04, 24, EB, F1, 8B, 75, 08, 8B, FF, 8A, 06, 0A, C0, 74, 0C, 83, C6, 01, 0F, A3, 04, 24, 73, F1, 8D, 46, FF, 83, C4, 20, 5E, C9, C3, 6A, 14, 68, B8, B6, 45, 00, E8, 64, 3C, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45...

Code size: 319 KB (326,656 bytes)

The file setup_3410.exe has been seen being distributed by the following 4 URLs.

http://210.6.198.19/.../???_5171-1.exe

Remove setup_3410.exe - Powered by Reason Core Security