setup_v4.exe

White Sea Media

The application setup_v4.exe, published by White Sea Media, has been flagged by 7 of 68 anti-malware scanners. It is a setup program used to install the application, and the detections identify it as a Bitcoin miner or as the downloader that fetches one (see the scanner table below). Bitcoin-mining malware forces the victim's computer to mine cryptocurrency for the operator's benefit, consuming CPU/GPU time and power. The file is typically executed from an Internet Explorer cache folder, i.e. it arrives as a browser download rather than through a deliberate install, and has been seen being downloaded from downloads.shoppingsuggestion.com and multiple other hosts.
Publisher:
White Sea Media  (signed and verified)

MD5:
2eec6ccda6592f67ef537524b475d8da

SHA-1:
c1b84fee4b51ec57b379e28f8f27592cd2e1e451

SHA-256:
b818c8d87b7b3082663ff097a3a91749ec6f48b06eba52c698b166fd4f20f7c0

Scanner detections:
7 / 68

Status:
Adware

Explanation:
The program mines for Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
1/14/2025 9:26:39 PM UTC

Scan engine         Detection                                 Engine version
avast!              Win32:BitCoinMiner-FE [Trj]               2014.9-140114
AVG                 Win32/DH                                  2015.0.3594
ESET NOD32          Win32/CoinMiner.JO (variant)              8.9286
Kaspersky           HEUR:Trojan-Downloader.Win32.Generic      14.0.0.4467
Norman              Downloader                                11.20140114
Reason Heuristics   PUP.Installer.WhiteSeaMedia.I             14.8.7.21
Vba32 AntiVirus     suspected of Trojan.Downloader.gen.h      3.12.24.3

File size:
55.7 KB (57,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup_v4.exe

Digital Signature
Signed by:
White Sea Media
Authority:
COMODO CA Limited

Valid from:
7/8/2013 2:00:00 AM

Valid to:
7/9/2014 1:59:59 AM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
1/13/2014 3:47:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:hQR311e3t4IE8t5fShid5C+fa8R/NeVaHI2PkED/AneyjAXl8nKgH:hsa3yKtIizfP/jPikXSn1

Entry address:
0x1F51

Entry point:
E8, F2, 2D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, F4, 93, 40, 00, FF, 15, 44, 90, 40, 00, 85, C0, 74, 15, 68, E4, 93, 40, 00, 50, FF, 15, 24, 90, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, 48, 90, 40, 00, CC, 6A, 08, E8, B8, 2F, 00, 00, 59, C3, 6A, 08, E8, D6, 2E, 00, 00, 59, C3, 8B, FF, 56, E8, 1C, 29, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 8B, 14, 00, 00, 56, E8, 22, 32, 00, 00, 56, E8, 0D, 32, 00...

Code size:
28.5 KB (29,184 bytes)

The file setup_v4.exe has been seen being distributed by the following 2 URLs.
