setup_364.exe

拷啦

Yantai Zhenghao Network Technology (Zhifu Branch) Co., LTD.

The application setup_364.exe, published by Yantai Zhenghao Network Technology (Zhifu Branch) Co., LTD., has been flagged as a potentially unwanted program by 22 of the 68 anti-malware engines consulted. The verdicts are split between generic application/PUA labels and trojan names, and several engines key on the vendor name ("Yantai"). The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and the file has been seen being downloaded from dl.ke8u.com. Two details below need context before they are used as evidence: the PE compilation timestamp (3/29/2014) reflects when the NSIS stub was compiled, not when this package was assembled with it, so it should not be used to date the file; and the entropy of 7.99 is expected for an NSIS package, whose payload is stored compressed, and does not on its own indicate obfuscation. The Authenticode certificate was issued by the WoSign Class 3 Code Signing CA to the same company and expired on 2/3/2016; whether the signature was countersigned with a timestamp is not recorded here, so its current validity cannot be judged from this report alone.
Product:
拷啦

Description:
Fast copy software

Version:
1.0.0.1

MD5:
9819bb9c5de7454bb623efb20f5758c3

SHA-1:
4a6e858e6ab1d99e444e72c291a709ad88820ff5

SHA-256:
caf9d879147fdd9cb4d33af9f0d6c1fd63f89c18c22c9876d41d7d038aeaf1b0

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:52:30 AM UTC

Scan engine             Detection                                        Engine version
Lavasoft Ad-Aware       Application.Generic.1399722                      196
AhnLab V3 Security      PUP/Win32.Generic                                2015.07.28
Arcabit                 Application.Generic.D155BAA                      1.0.0.425
AVG                     Generic                                          2017.0.2674
Baidu Antivirus         Trojan.Win32.Yantai                              4.0.3.16722
Bitdefender             Application.Generic.1399722                      1.0.20.1020
Bkav FE                 W32.FamVT.YantaiTTc                              1.3.0.6979
Clam AntiVirus          Win.Trojan.691128                                0.98/21511
Comodo Security         UnclassifiedMalware                              22878
Dr.Web                  Trojan.KillFiles.28526                           9.0.1.0204
ESET NOD32              Win32/Packed.NSISmod.A suspicious (variant)      10.12004
Fortinet FortiGate      W32/Generic.AC.18053                             7/22/2016
F-Prot                  W32/Yantai.A.gen                                 v6.4.7.1.166
F-Secure                Application.Generic.1399722                      11.2016-22-07_6
G Data                  Application.Generic.1399722                      16.7.25
IKARUS anti.virus       PUA.RiskWare.Yantai                              t3scan.1.9.5.0
McAfee                  Artemis!9819BB9C5DE7                             5600.6330
MicroWorld eScan        Application.Generic.1399722                      17.0.0.612
NANO AntiVirus          Riskware.Win32.ShouQu.dmnfjx                     0.30.24.2668
Sophos                  Generic PUA EK                                   4.98
VIPRE Antivirus         Trojan.Win32.Generic                             42396
Zillya! Antivirus       Trojan.Yantai.Win32.1                            2.0.0.2318

File size:
2.2 MB (2,329,808 bytes)

Product version:
1.0.0.1

Copyright:
(C) 拷啦 Software

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\files\setup_364.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
2/3/2015 9:26:24 AM

Valid to:
2/3/2016 9:26:24 AM

Subject:
CN="Yantai Zhenghao Network Technology (Zhifu Branch) Co., LTD.", O="Yantai Zhenghao Network Technology (Zhifu Branch) Co., LTD.", L=Yantai, S=Shandong, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2297A880AD01846A8F46524B7EA7B502

File PE Metadata
Compilation timestamp:
3/29/2014 5:42:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Hd/AE/wPRBhcBy5ZLfohnBFts2tIAA2miVgffvM6uNH1orHXIbAwh:Hd/r0BhJLfi/tsagrTn0NH6DXOh

Entry address:
0x3DD3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, B1, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 90, 40, 00, 53, FF, 15, 70, 92, 40, 00, 6A, 08, A3, 78, 5F, 42, 00, E8, 55, 3D, 00, 00, A3, E4, 5E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 80, 18, 42, 00, FF, 15, 68, 91, 40, 00, 68, B8, B1, 40, 00, 68, E0, 56, 42, 00, E8, 06, 3A, 00, 00, FF, 15, BC, 90, 40, 00, BF, 00, B0, 42, 00, 50, 57, E8, F4, 39, 00, 00...

Entropy:
7.9912

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)
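The file-level fields of this report (hashes and size, Shannon entropy, the NSIS first-header signature, the COFF compilation timestamp, and whether an Authenticode certificate table is present) can be reproduced offline before a downloaded sample is matched against it. The script below is an added example and is not Reason Core Security's code. It carries the report's hashes and size as REPORT_IOCS, and the bytes returned by build_sample() are a constructed skeleton PE (assumed layout: a PE32 stub, an NSIS first header and high-entropy filler), not setup_364.exe, so the comparison against the report is expected to fail on them; on a real file call triage(open(path, "rb").read()).

```python
"""Offline triage of a suspected NSIS installer (added example, not from the report)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Indicators copied from the report above. A file on disk that does not match
# all four is a different file and must not inherit this report's verdict.
REPORT_IOCS = {
    "md5": "9819bb9c5de7454bb623efb20f5758c3",
    "sha1": "4a6e858e6ab1d99e444e72c291a709ad88820ff5",
    "sha256": "caf9d879147fdd9cb4d33af9f0d6c1fd63f89c18c22c9876d41d7d038aeaf1b0",
    "size": 2329808,
}

# Every NSIS installer carries this signature (0xDEADBEEF + "NullsoftInst")
# at the start of its first header, appended after the PE stub.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def hashes(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and size: the same fields the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def compare_to_report(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Field-by-field match of a file on disk against the report's indicators."""
    got = hashes(data)
    return {k: got[k] == v for k, v in iocs.items()}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 means compressed or encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _pe_offsets(data: bytes):
    """Return (coff_header_offset, optional_header_offset), or None if not a PE."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew + 4, e_lfanew + 24


def pe_timestamp(data: bytes):
    """COFF TimeDateStamp as a UTC datetime. For NSIS this is the stub's build time."""
    off = _pe_offsets(data)
    if off is None:
        return None
    ts = struct.unpack_from("<I", data, off[0] + 4)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def has_authenticode(data: bytes) -> bool:
    """True if the security data directory (index 4) points at a certificate table.
    Presence only: chain and countersignature validation is a separate step."""
    off = _pe_offsets(data)
    if off is None or len(data) < off[1] + 112 + 5 * 8:
        return False
    magic = struct.unpack_from("<H", data, off[1])[0]
    dirs = off[1] + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ layout
    addr, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return addr != 0 and size != 0


def triage(data: bytes) -> dict:
    """All file-level fields of the report for one sample."""
    ts = pe_timestamp(data)
    return {
        **hashes(data),
        "entropy": round(entropy(data), 4),
        "nsis": NSIS_MAGIC in data,
        "compile_time": ts.isoformat() if ts else None,
        "authenticode": has_authenticode(data),
    }


def build_sample(signed: bool) -> bytes:
    """Constructed stand-in for setup_364.exe: skeletal PE32 stub carrying the
    report's compile timestamp, an NSIS first header and high-entropy filler."""
    stamp = int(datetime(2014, 3, 29, 17, 42, 3, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 224, 0x0102)
    cert_off = 0x40 + 4 + 20 + 224 + len(NSIS_MAGIC) + 1024  # where the blob lands
    dirs = bytearray(16 * 8)
    if signed:
        struct.pack_into("<II", dirs, 4 * 8, cert_off, 16)
    opt = struct.pack("<H", 0x10B).ljust(96, b"\0") + bytes(dirs)
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt
    body = NSIS_MAGIC + bytes(range(256)) * 4  # uniform bytes: entropy 8.0
    return head + body + (b"\0" * 16 if signed else b"")


if __name__ == "__main__":
    for k, v in triage(build_sample(signed=True)).items():
        print(f"{k:13} {v}")
```

Treat a file as this sample only when all four fields of compare_to_report() agree: the detection names above belong to this SHA-256, not to the filename or the download URL, and a re-packed build served from the same sid=364 link will hash differently. has_authenticode() only says a certificate table exists; whether the chain verifies and whether the signature carries a timestamp countersignature that outlives the 2/3/2016 expiry must be checked separately (on Windows, Get-AuthenticodeSignature).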

The file setup_364.exe has been seen being distributed from the following URL:

http://dl.ke8u.com/down.php?sid=364

Remove setup_364.exe - Powered by Reason Core Security