setup_790.exe

Kw7Wg

Kw7

The application setup_790.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dl.cetaitlagrenouille.com.
Publisher:
Kw7

Product:
Kw7Wg

Description:
K

Version:
2.6.5.4

MD5:
637b2c4bde970756eeca9b60190977a8

SHA-1:
bb7cfb6427fdc0a7bcf06312c5e665e1dc6add2c

SHA-256:
66333d79a1d4ca85f650782f813d6f248662813a92c786f114cb16442b383703

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 1:56:08 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Temonde.12 | 212
Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4
Arcabit | Trojan.Application.Bundler.Temonde.12 | 1.0.0.741
AVG | MSIL10 | 2017.0.2690
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.1676
Bitdefender | Gen:Variant.Application.Bundler.Temonde.12 | 1.0.20.940
Dr.Web | Adware.Eorezo.898 | 9.0.1.0188
ESET NOD32 | MSIL/Injector.PPZ (variant) | 10.13757
Fortinet FortiGate | Riskware/Temonde | 7/6/2016
F-Prot | W32/S-77298a25 | v6.4.7.1.166
F-Secure | Gen:Variant.Application.Bundler | 11.2016-06-07_4
G Data | Gen:Variant.Application.Bundler.Temonde.12 | 16.7.25
Kaspersky | not-a-virus:HEUR:Downloader.MSIL.Temonde | 14.0.0.-55
Malwarebytes | PUP.Optional.Tuto4PC | v2016.07.06.11
McAfee | Artemis!637B2C4BDE97 | 5600.6346
MicroWorld eScan | Gen:Variant.Application.Bundler.Temonde.12 | 17.0.0.564
Panda Antivirus | Trj/GdSda.A | 16.07.06.11
Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120
Reason Heuristics | Adware.Eorezo.DB (M) | 16.7.6.23
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 50624

File size:
814.5 KB (834,048 bytes)

Product version:
2.6.5.4

Copyright:
Kw7Wg2016

Trademarks:
Kw7Wgh6zK

Original file name:
AsbaBehia.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\setup_790.exe

File PE Metadata
Compilation timestamp:
7/5/2016 1:07:02 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:7oR0QJ3A7yF+7opphNWryQ9UQhO5xsnlHCiDAUDu4SnMJ:7oj1A7c+M1NiyQ9TwxM35n

Entry address:
0xB2C82

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Code size:
707.5 KB (724,480 bytes)

The file setup_790.exe has been seen being distributed by the following URL.
