home

setup_open_56.exe

无极影音安装程序

Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.

The executable setup_open_56.exe has been detected as malware by 12 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Sta  (signed by Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.)

Product:
无极影音安装程序

Version:
1.0.0.0

MD5:
6891912572eeb01cf6fd4b596740fa47

SHA-1:
8e01f408db841c19ecb0768194b267693fa00287

SHA-256:
e6708bf73b5bc9e9503b030bfe53ea9475138072c18b2f1822a7a99d22b97006

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/24/2024 8:04:36 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.DL.Delf
7.1.1

AVG
Downloader.Agent2
2018.0.2509

Baidu Antivirus
Trojan.Win32.Delf
4.0.3.1714

Comodo Security
TrojWare.Win32.Agent.~SAV
17776

Dr.Web
DLOADER.Trojan
9.0.1.04

ESET NOD32
Win32/TrojanDownloader.Delf.PSJ (variant)
11.9416

IKARUS anti.virus
Trojan-Downloader.Agent
t3scan.2.2.29

Malwarebytes
Trojan.Downloader.Small
v2017.01.04.01

McAfee
Artemis!6891912572EE
5600.6165

Norman
Agent.ALVQM
11.20170104

Trend Micro House Call
HV_DOWNLOADER_CB2401C2.TOMC
7.2.4

VIPRE Antivirus
Trojan.Win32.Generic
26414

File size:
1.3 MB (1,386,056 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2012

Original file name:
SetupApp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\setup_open_56.exe

Digital Signature
Signed by:
Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.

Authority:
WoSign eCommerce Services Limited

Valid from:
7/17/2012 12:23:57 AM

Valid to:
7/19/2013 10:21:38 AM

Subject:
E=kefu@shengtaian.com, CN="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", O="Guangxi Nanning Shengtaian E-commerce Development Co., Ltd.", L=Nanning, S=Guangxi, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
1BB133DCEFAD95

File PE Metadata
Compilation timestamp:
12/26/2012 4:18:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x9BE8

Entry point:
E8, FB, 3A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 68, 53, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 44, 51, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, C3, 41, 00, 89, 0D, 74, C3, 41, 00, 89, 15, 70, C3, 41, 00, 89, 1D, 6C, C3, 41, 00, 89, 35, 68, C3, 41, 00, 89, 3D...
 
[+]

Entropy:
7.9374  (probably packed)

Code size:
80 KB (81,920 bytes)

Remove setup_open_56.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.