» tvantssetup.exe
Overview
Analysis
File Details
Downloads (1)

tvantssetup.exe

Zhejiang University

The executable tvantssetup.exe, “Tvants 1.0 International Edition Setup” has been detected as malware by 9 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from cdn-us.filecluster.com.

File name:

tvantssetup.exe

Publisher:

Zhejiang University

Description:

Tvants 1.0 International Edition Setup

Version:

1.0

MD5:

e21d5ddc74051000892ef87b038ab7b7

SHA-1:

1a1fce1b4bf47652bfaf0e0db5d236b02248f031

SHA-256:

747a7e8dd56c278b428d4532610d546cd7f21660e0a017ad903b932ae0e45d6b

Scanner detections:

9 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/27/2024 4:23:49 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160326-0

AVG

Win32/Sality

2015.0.4568

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.219.1827.0

Norman

Win32.Sality.3

02.04.2016 17:35:19

File size:

2.9 MB (3,083,264 bytes)

2005,Zhejiang University

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\tvantssetup.exe

File PE Metadata

Compilation timestamp:

4/8/1999 9:24:47 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:JkOUENib/vCmGwLItHYA8bKGGCkniJ1Gt/TrqhySgwG15qS3r8l2SQL3r:+O5NiTK5wkHhDQH1GtPkySakc7

Entry address:

0x1000

Entry point:

60, 81, DB, 1D, 66, E9, FD, BA, 74, A6, B7, D5, 8D, 35, 2F, 52, 9F, C1, B4, 7C, 87, F3, EB, 05, 86, DC, F6, C7, 63, 78, 08, 8D, 0D, 0E, 6B, 35, BD, 8A, F2, 85, ED, 0F, BF, FB, C6, C2, AA, E8, 23, 00, 00, 00, 80, E4, A4, C6, C1, 54, FE, CC, 8D, 0D, C1, FA, 46, 50, C6, C1, 94, 0F, AF, F8, 81, C6, 42, FC, FF, FF, C6, C5, DE, 81, C6, B8, 08, 00, 00, 59, 0F, AF, C1, 87, C7, 3B, D7, 76, 0B, F6, C0, 5E, C7, C6, C0, 39, FA, D5, 88, D4, FE, C2, C6, C0, BA, 02, C5, 81, C1, F1, 5F, 2F, 00, 81, FB, 43, B3, 00, 00, 76... 
[+]

Entropy:

7.9971 (probably packed)

Code size:

512 Bytes (512 bytes)

The file tvantssetup.exe has been seen being distributed by the following URL.

http://cdn-us.filecluster.com/.../TvantsSetup.exe

Remove tvantssetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.