setupv.exe

project1

The executable setupv.exe (“Windows Installer Helper”) has been detected as malware by 35 anti-virus scanners. It presents itself as a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address static.242.0.76.144.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
Microsoft*  (Invalid match)

Product:
project1

Description:
Windows Installer Helper

Version:
1.00

MD5:
4d6ca998a931987a705fc37413f10c73

SHA-1:
5f43d3230ab3bf4b9ecbcaa24a6a2ca7a07f33b9

SHA-256:
c6d549507bdf7ac4654eb3e3e5b2def93bd8b77b52c23a5f05fd9c0a2a7315bb

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
11/5/2024 1:58:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Agent.VB.BWX | 890
Agnitum Outpost | Trojan.VB | 7.1.1
Avira AntiVirus | TR/VB.ahcz | 7.11.160.254
avast! | Win32:VB-PPA [Trj] | 2014.9-140829
AVG | Generic18 | 2015.0.3368
Baidu Antivirus | Trojan.Win32.VB | 4.0.3.14829
Bitdefender | Trojan.Agent.VB.BWX | 1.0.20.1205
Bkav FE | W32.Clod753.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18866
Dr.Web | Trojan.Siggen1.63584 | 9.0.1.0241
Emsisoft Anti-Malware | Trojan.Agent.VB.BWX | 8.14.08.29.10
ESET NOD32 | Win32/TrojanDownloader.VB.OQZ | 8.10102
Fortinet FortiGate | W32/VB.AHCZ!tr | 8/29/2014
F-Prot | W32/MalwareF.EHDE | v6.4.7.1.166
F-Secure | Trojan.Agent.VB.BWX | 11.2014-29-08_6
G Data | Trojan.Agent.VB.BWX | 14.8.24
IKARUS anti.virus | Trojan.Win32.VB | t3scan.1.6.1.0
Kaspersky | Trojan.Win32.VB | 14.0.0.3333
Malwarebytes | Trojan.Downloader | v2014.08.29.10
McAfee | Generic.ig | 5600.7024
Microsoft Security Essentials | Trojan:Win32/Provis!rts | 1.10802
MicroWorld eScan | Trojan.Agent.VB.BWX | 15.0.0.723
NANO AntiVirus | Trojan.Win32.VB.bjfbh | 0.28.2.60881
Norman | Suspicious_Gen2.CFUQA | 11.20140829
nProtect | Trojan/W32.Agent.28672.BAX | 14.07.15.01
Panda Antivirus | Generic Trojan | 14.08.29.10
Qihoo 360 Security | Win32/Trojan.6de | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.12605337!308302647 | 23.00.65.14827
Sophos | Troj/VB-ESF | 4.98
Trend Micro House Call | TROJ_VB.IJG | 7.2.241
Trend Micro | TROJ_VB.IJG | 10.465.29
Vba32 AntiVirus | Trojan.VB | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 31316
ViRobot | Trojan.Win32.VB.28672.CP | 2011.4.7.4223
Zillya! Antivirus | Trojan.VB.Win32.52198 | 2.0.0.1859

File size:
28 KB (28,672 bytes)

Product version:
1.00

Original file name:
setupv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\setupv.exe

File PE Metadata
Compilation timestamp:
6/8/2010 6:43:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:wXbP+BrMu9Ke7UokJhPTbEyECEGEmEKWT3:YP+BrjKe7UEyECEGEmEP

Entry address:
0x1108

Entry point:
68, 5C, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 6A, 35, 1D, 65, 2A, ED, B1, 41, BB, 34, 62, FC, 79, F0, 60, 56, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 53, 65, 61, 6E, 5C, 44, 65, 00, 00, 00, 00, FF, CC, 31, 00, 01, AC, 64, E4, 3B, 76, 25, 1A, 4D, 9F, 38, D0, 8E, 36, 1D, 81, 2D, 1E, 84, AD, B3, 43, 04, E1, 4B, B0, 05, AD, D6, 34, DD, BC, B2, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
20 KB (20,480 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.242.0.76.144.clients.your-server.de  (144.76.0.242:80)

TCP (HTTP):
Connects to 94.31.29.3.IPYX-077437-ZYO.above.net  (94.31.29.3:80)

Remove setupv.exe - Powered by Reason Core Security