home

setup_6.exe

音乐FM安装程序

广西南宁市昇桔光在线信息技术有限公司

The executable setup_6.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from down.yinyue.fm.
Publisher:
Sta  (signed by 广西南宁市昇桔光在线信息技术有限公司)

Product:
音乐FM安装程序

Version:
1.0.0.0

MD5:
e88b690de6bf7616860e5f2b76cb64ae

SHA-1:
96a9e9f7a11611d0da08545eddce85fe6e318a38

SHA-256:
4e48578da8dc55f1cfd88a9f77ecd2bbcf2b747e717423b6c302e2722cd80b17

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/28/2024 12:38:13 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Agent
7.1.1

Bkav FE
W32.Clodeb2.Trojan
1.3.0.4959

Dr.Web
Trojan.DownLoader9.59141
9.0.1.0128

Malwarebytes
Trojan.Startpage.DRP
v2014.05.08.04

NANO AntiVirus
Trojan.Win32.XPACK.cstkub
0.28.0.59492

Norman
DLoader.ATMAG
11.20140508

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
28468

File size:
3.6 MB (3,775,272 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2012

Original file name:
SetupApp.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
广西南宁市昇桔光在线信息技术有限公司

Authority:
WoSign eCommerce Services Limited

Valid from:
6/21/2013 12:51:31 PM

Valid to:
6/23/2014 6:08:06 PM

Subject:
E=kvzy126@qq.com, CN=广西南宁市昇桔光在线信息技术有限公司, O=广西南宁市昇桔光在线信息技术有限公司, L=南宁市, S=广西壮族自治区, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
0B9B0DFF23DA39

File PE Metadata
Compilation timestamp:
10/12/2013 10:26:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:cyDkD/9MSqqjyXhrOK96iwGwdlpk4781i:lRXh6s6iwb8Ti

Entry address:
0x96D8

Entry point:
E8, 9B, 3C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 88, 53, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 80, 51, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, C3, 41, 00, 89, 0D, 14, C3, 41, 00, 89, 15, 10, C3, 41, 00, 89, 1D, 0C, C3, 41, 00, 89, 35, 08, C3, 41, 00, 89, 3D...
 
[+]

Entropy:
7.9360  (probably packed)

Code size:
79 KB (80,896 bytes)

The file setup_6.exe has been seen being distributed by the following URL.

http://down.yinyue.fm/.../setup_6.exe

Remove setup_6.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.