setup_v4.exe

White Sea Media

The application setup_v4.exe by White Sea Media has been detected as adware by 5 anti-malware scanners. It is a malicious Bitcoin miner. Bitcoin-mining malware forces the infected computer to generate Bitcoins for the cybercriminals' benefit and consumes its computing power. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from downloads.shoppingsuggestion.com.
Publisher:
White Sea Media (signed and verified)

MD5:
67d67d8f3a552a04d84400d47e9b06fd

SHA-1:
e0e5a8e6b2f6ec7664b3a1bf3449c539e6bf0a9b

SHA-256:
7c5b9891b5d0b62b64237cf59c171bc6c2a54107ab7161f9f7956d2c15c7851d

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The program mines for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
11/5/2024 9:38:37 AM UTC

Scan engine        Detection                                Engine version
avast!             Win32:BitCoinMiner-FE [Trj]              2014.9-140117
AVG                Win32/DH                                 2015.0.3592
Norman             Downloader                               11.20140117
Reason Heuristics  PUP.Installer.WhiteSeaMedia.I            14.8.7.21
Vba32 AntiVirus    suspected of Trojan.Downloader.gen.h     3.12.24.3

File size:
55.7 KB (57,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup_v4.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2013 9:00:00 PM

Valid to:
7/8/2014 8:59:59 PM

Subject:
CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata
Compilation timestamp:
1/10/2014 3:24:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:H831fXN4jEDgqLhid5C+fE8R/NezaHQ2PTXEDxAn8htdyjA68nKgH:GFXSmg6izfR/FPTLKxnp

Entry address:
0x1F61

Entry point:
E8, F2, 2D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, 0C, 94, 40, 00, FF, 15, 44, 90, 40, 00, 85, C0, 74, 15, 68, FC, 93, 40, 00, 50, FF, 15, 24, 90, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, 48, 90, 40, 00, CC, 6A, 08, E8, B8, 2F, 00, 00, 59, C3, 6A, 08, E8, D6, 2E, 00, 00, 59, C3, 8B, FF, 56, E8, 1C, 29, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 8B, 14, 00, 00, 56, E8, 25, 32, 00, 00, 56, E8, 10, 32, 00...

Entropy:
6.3102

Code size:
28.5 KB (29,184 bytes)

The file setup_v4.exe has been seen being distributed by the following URL.
