home

setup_zol.exe

稻草人

Yantai ZhengHao Network Technology Co.,Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from xiazai.daocaoren.cn.
Publisher:
Yantai ZhengHao Network Technology Co.,Ltd.  (signed and verified)

Product:
稻草人

Version:
2.0.0.8

MD5:
5097f4b170266c2127ee271a1945c693

SHA-1:
ce5790fcd4211e518c55189bc598e0eacbea3b98

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 12:48:45 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Downloader.Generic13
2018.0.2505

Malwarebytes
PUP.Optional.ChinAd
v2017.01.07.07

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

File size:
1.9 MB (1,976,408 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\setup_zol.exe

Digital Signature
Signed by:
Yantai ZhengHao Network Technology Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
6/14/2012 8:00:00 AM

Valid to:
6/15/2013 7:59:59 AM

Subject:
CN="Yantai ZhengHao Network Technology Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Yantai ZhengHao Network Technology Co.,Ltd.", L=Yantai, S=Shandong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0F3D33D10E94C4017C0417C354E3620E

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9889

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup_zol.exe has been seen being distributed by the following URL.

http://xiazai.daocaoren.cn/setup_zol.exe

Scan setup_zol.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.