» setup_v5.exe
Overview
Analysis
File Details
Downloads (1)

setup_v5.exe

White Sea Media

The application setup_v5.exe by White Sea Media has been detected as adware by 8 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from downloads.shoppingsuggestion.com.

File name:

setup_v5.exe

Publisher:

White Sea Media (signed and verified)

MD5:

7a14a7b92fe94f41455cf5b43a46e68b

SHA-1:

3ec3e837d3866aa4e403c8a00163cce950f8aa0f

SHA-256:

ea06c77139dd8b885e13e55e4d4bb938cedba7b9a6f6deb43df4d86d5142ddc7

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Part of a backdoor IRC bot network.

Analysis date:

1/14/2025 9:30:31 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:BitCoinMiner-FC [Trj]

2014.9-140117

AVG

MalSign.Generic

2015.0.3592

Dr.Web

Trojan.BtcMine.221

9.0.1.017

IKARUS anti.virus

Win32.BitCoinMiner

t3scan.2.2.29

McAfee

Artemis!7A14A7B92FE9

5600.7248

Reason Heuristics

PUP.Installer.WhiteSeaMedia.I

14.8.7.21

Trend Micro House Call

TROJ_GEN.F47V0108

7.2.17

VIPRE Antivirus

Backdoor.Win32.Ircbot.gen

25478

File size:

1.2 MB (1,285,856 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup_v5.exe

Digital Signature

Signed by:

White Sea Media

Authority:

COMODO CA Limited

Valid from:

7/8/2013 2:00:00 AM

Valid to:

7/9/2014 1:59:59 AM

Subject:

CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata

Compilation timestamp:

12/27/2013 3:12:16 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:Cph2Z+YA9vVlB4/Xw4b0LWQ3pQRPSihxxdZBHyQHpzbKCC3OzV:CCsL/lV4gLWkqFxxdbHtxbKCQOzV

Entry address:

0x344000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 20, 13, 00, 2D, 8F, 8E, 0A, 10, 05, 84, 8E, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, D8, D5, 87, 49, 68, 02, 81, B1, 2D, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, B5, 60, A0, 72, 32, 06, B0, 85, 00, 6D, 47, 06, F5, 81... 
[+]

Code size:

28.5 KB (29,184 bytes)

The file setup_v5.exe has been seen being distributed by the following URL.

http://downloads.shoppingsuggestion.com/setup_v5.exe

Remove setup_v5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.