ssupsetup_binstall3.exe

The application ssupsetup_binstall3.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore monetization download manager to download additional third party applications that may be unwanted by the user. The file has been seen being downloaded from softs.illyx.com and multiple other hosts.
MD5:
6160459e69fc6761831cf14070e54d0d

SHA-1:
1196677499fadb53436193b4948890cb7dff8b8a

SHA-256:
0d8f8f0e535841239b8173cae083cd1ccba7fa9e4426ed5514685fce46703c6a

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/24/2024 1:16:48 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11592563
852

avast!
Win32:Malware-gen
2014.9-141005

Baidu Antivirus
Trojan.Win32.Reporter
4.0.3.14105

Bitdefender
Trojan.Generic.11592563
1.0.20.1390

Emsisoft Anti-Malware
Trojan.Generic.11592563
8.14.10.05.01

ESET NOD32
Win32/Reporter
8.10047

F-Secure
Trojan.Generic.11592563
11.2014-05-10_1

G Data
Trojan.Generic.11592563
14.10.24

K7 AntiVirus
Trojan
13.183.13584

Kaspersky
not-a-virus:Downloader.NSIS.Agent
14.0.0.3147

Malwarebytes
PUP.Optional.Babylon
v2014.10.05.01

McAfee
Artemis!6160459E69FC
5600.6986

MicroWorld eScan
Trojan.Generic.11592563
15.0.0.834

NANO AntiVirus
Trojan.Win32.Reporter.deiohq
0.28.2.62440

nProtect
Trojan.Generic.11592563
14.10.05.01

Panda Antivirus
Trj/CI.A
14.10.05.01

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Quick Heal
Downloader.NSIS.g5 (Not a Virus)
10.14.14.00

Trend Micro House Call
TROJ_GEN.R02KH07GB14
7.2.278

Vba32 AntiVirus
Downloader.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
33686

File size:
4 MB (4,242,333 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\ssupsetup_binstall3.exe

File PE Metadata
Compilation timestamp:
12/25/2013 6:01:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:u8ej9VEq/RDOF73QRHQOZ2yKwTiuHlJHcIby+PSP8+Wat:fA9/RO7UQO5Vby+qP8+Wat

Entry address:
0x30E4

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, E4, 42, 00, E8, 95, 2D, 00, 00, A3, A4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 87, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, DB, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 2D, 2A...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ssupsetup_binstall3.exe has been seen being distributed by the following 2 URLs.

Remove ssupsetup_binstall3.exe - Powered by Reason Core Security