setup_g1.exe

西西软件盒

武汉威俊科技有限公司

The application setup_g1.exe by 武汉威俊科技有限公司 has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
www.cr173.com  (signed by 武汉威俊科技有限公司)

Product:
西西软件盒

Version:
3.6.3.4 ???

MD5:
05361bf056468741cea4eb23e650ac15

SHA-1:
3c49ebdab71bb5adcdd1acdbe2f82902e14a7cd6

SHA-256:
fd6f36c97f1480276cff36ddd59c0b42e693c51a2eb29825d390e4acb28a8d3d

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 11:50:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Qiyi.CO | 7.11.102.160 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-160908 |
| Bitdefender | Trojan.Agent.AZPE | 1.0.20.1260 |
| Dr.Web | BackDoor.Crispit.2 | 9.0.1.0252 |
| Emsisoft Anti-Malware | Trojan.Agent.AZPE | 8.16.09.08.07 |
| ESET NOD32 | Win32/Hao123 (variant) | 10.8805 |
| Fortinet FortiGate | Adware/Hao123 | 9/8/2016 |
| F-Secure | Trojan.Generic.9452283 | 11.2016-08-09_5 |
| G Data | Trojan.Agent.AZPE | 16.9.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.0.127 |
| K7 AntiVirus | Riskware | 13.172.9576 |
| McAfee | Artemis!05361BF05646 | 5600.6283 |
| MicroWorld eScan | Trojan.Agent.AZPE | 17.0.0.756 |
| NANO AntiVirus | Trojan.Win32.Crispit.bfhhpb | 0.26.0.54404 |
| Norman | DLoader.AOCCN | 11.20160908 |
| Sophos | Generic PUA OB | 4.91 |
| Trend Micro House Call | TROJ_GEN.F0C2C0KI813 | 7.2.252 |
| Trend Micro | TROJ_GEN.F0C2C0KI813 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 21518 |

File size:
2.6 MB (2,756,632 bytes)

Product version:
3.6.3.4 ???

Copyright:
Copyright 2012 All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup_g1.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/8/2012 8:00:00 AM

Valid to:
8/21/2013 7:59:59 AM

Subject:
CN=武汉威俊科技有限公司, OU=technology department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=武汉威俊科技有限公司, L=武汉市, S=湖北省, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E277237163D1559237831B56147B07A

File PE Metadata
Compilation timestamp:
6/19/2009 5:33:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:t8hmb9/dRsK3vE4TSpNI1WO7h8ArVa7V0SxLVqgXexjJrt7oLSaU0I+psTEpoGYV:lCw4NTWLVah3TfgFr9oLjGSov

Entry address:
0x3121

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 5C, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 3F, 42, 00, E8, A2, 2C, 00, 00, A3, 64, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 24, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 50, 91, 40, 00, 68, 60, 36, 42, 00, E8, 2B, 29, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 19, 29, 00, 00...
 

Entropy:
7.9899

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
