setup_5066.exe

便压2 Setup (便压2安装)

Guangxi Nanning Shengtai'an E-Business Development CO.LTD

The application setup_5066.exe, "BY3 安装" (BY3 Setup) by Guangxi Nanning Shengtai'an E-Business Development CO.LTD, has been detected as adware by 11 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from cdn4.wuji.com and multiple other hosts.
Publisher:
BY3 (signed by Guangxi Nanning Shengtai'an E-Business Development CO.LTD)

Product:
便压2 Setup (便压2安装)

Description:
BY3 Setup (BY3 安装)

Version:
1.14.11.15

MD5:
22c68ff7753302d89e322730d58f47c7

SHA-1:
dd1682d9638179d477d9c1d80695f6da2ae47492

SHA-256:
cb575f650bf7ac711c05c75b649272f4c5354621c14f26b2067db4f7c7367798

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
12/28/2024 8:24:24 PM UTC

Scan engine           Detection                                                          Engine version
Baidu Antivirus       PUA.Win32.WuJi                                                     4.0.3.141124
Dr.Web                DLOADER.Trojan                                                     9.0.1.0328
ESET NOD32            Win32/WuJi (variant)                                               8.10770
Fortinet FortiGate    Riskware/WuJi                                                      11/24/2014
G Data                Win32.Application.Agent.51BJ0K                                     14.11.24
K7 AntiVirus          Trojan                                                             13.185.14113
McAfee                PUP-FNT                                                            5600.6937
Reason Heuristics     PUP.Installer.GuangxiNanningShengtaianEBusinessDevelopmentCOLTD    15.2.14.11
Sophos                Generic PUA NN                                                     4.98
Vba32 AntiVirus       suspected of Trojan.Downloader.gen.h                               3.12.26.3
VIPRE Antivirus       Trojan.Win32.Generic                                               35078

File size:
5.4 MB (5,709,112 bytes)

Product version:
1.14.11.15

Copyright:
Copyright (C) 2014

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/30/2014 3:00:00 AM

Valid to:
5/31/2015 2:59:59 AM

Subject:
CN=Guangxi Nanning Shengtai'an E-Business Development CO.LTD, O=Guangxi Nanning Shengtai'an E-Business Development CO.LTD, L=Guangxi, S=Nanning, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1EB0F4D821E239BA81B3D10E61B7615B

File PE Metadata
Compilation timestamp:
11/17/2014 6:57:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:yaITm4rr/vBHBObEt64oHawOS7mq77KrG3JCx1JB2M9eUIUvGGPhGg2:h4nnwEt6NH3mqyrcEXIM91IUuGP2

Entry address:
0x2F288

Entry point:
E8, C1, 81, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2, 01, 0F, AB, 04, 24, EB, F1, 8B, 75, 08, 8B, FF, 8A, 06, 0A, C0, 74, 0C, 83, C6, 01, 0F, A3, 04, 24, 73, F1, 8D, 46, FF, 83, C4, 20, 5E, C9, C3, 6A, 14, 68, F8, 95, 45, 00, E8, 24, 3E, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45...

Entropy:
7.9486 (probably packed)

Code size:
309 KB (316,416 bytes)

The file setup_5066.exe has been seen being distributed by the following 5 URLs.

http://cdn4.wuji.com:6677/wuji/.../setup_867.exe
