» setup_v4.exe
Overview
Analysis
File Details
Downloads (1)

setup_v4.exe

White Sea Media

The application setup_v4.exe by White Sea Media has been detected as adware by 7 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from downloads.shoppingsuggestion.com.

File name:

setup_v4.exe

Publisher:

White Sea Media (signed and verified)

MD5:

7401069e17f11a7130c3418d2efcaab2

SHA-1:

bfba5919e6c9353a032f91794429dc35b18c5399

SHA-256:

421210b8c0e37f60f15c50d95936257e0c4367c8ed6552a63791efdd70b962f1

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Part of a backdoor IRC bot network.

Analysis date:

1/14/2025 9:37:54 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:BitCoinMiner-FC [Trj]

2014.9-140104

Dr.Web

Trojan.BtcMine.221

9.0.1.04

IKARUS anti.virus

Win32.BitCoinMiner

t3scan.2.2.29

McAfee

Artemis!7401069E17F1

5600.7261

Reason Heuristics

PUP.Installer.WhiteSeaMedia.I

14.8.7.21

Trend Micro House Call

TROJ_GEN.F47V0101

7.2.4

VIPRE Antivirus

Backdoor.Win32.Ircbot.gen

25178

File size:

1.2 MB (1,263,328 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup_v4.exe

Digital Signature

Signed by:

White Sea Media

Authority:

COMODO CA Limited

Valid from:

7/8/2013 2:00:00 AM

Valid to:

7/9/2014 1:59:59 AM

Subject:

CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata

Compilation timestamp:

12/27/2013 2:26:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:xkh6bi8zXXweKZXQrIXXcsRlHjF3H6fP+rjuWgpmtjapcC73nanSbbYnTAwh0kvN:xc6GogeBMXTjF3H6fmHVgstS737UTAwR

Entry address:

0x336000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, C0, 12, 00, 2D, 8F, 8E, 0A, 10, 05, 84, 8E, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 72, 2D, 6E, 4C, 68, 15, DB, FD, 70, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, AC, 60, A5, 6E, A8, 61, 6A, 76, 0F, 00, 9C, C3, C5, 74... 
[+]

Code size:

28.5 KB (29,184 bytes)

The file setup_v4.exe has been seen being distributed by the following URL.

http://downloads.shoppingsuggestion.com/setup_v4.exe

Remove setup_v4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.