tvantssetup.exe

The executable tvantssetup.exe, “Tvants 1.0 International Edition Setup”, has been detected as malware by 9 anti-virus scanners. Although it is a setup and installation application, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that joins the infected host to a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from cdn-us.filecluster.com.
Publisher:
Zhejiang University

Description:
Tvants 1.0 International Edition Setup

Version:
1.0

MD5:
e21d5ddc74051000892ef87b038ab7b7

SHA-1:
1a1fce1b4bf47652bfaf0e0db5d236b02248f031

SHA-256:
747a7e8dd56c278b428d4532610d546cd7f21660e0a017ad903b932ae0e45d6b

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 4:23:49 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Kukacka | 160326-0 |
| AVG | Win32/Sality | 2015.0.4568 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.1827.0 |
| Norman | Win32.Sality.3 | 02.04.2016 17:35:19 |

File size:
2.9 MB (3,083,264 bytes)

Copyright:
2005,Zhejiang University

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tvantssetup.exe

File PE Metadata
Compilation timestamp:
4/8/1999 9:24:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:JkOUENib/vCmGwLItHYA8bKGGCkniJ1Gt/TrqhySgwG15qS3r8l2SQL3r:+O5NiTK5wkHhDQH1GtPkySakc7

Entry address:
0x1000

Entry point:
60, 81, DB, 1D, 66, E9, FD, BA, 74, A6, B7, D5, 8D, 35, 2F, 52, 9F, C1, B4, 7C, 87, F3, EB, 05, 86, DC, F6, C7, 63, 78, 08, 8D, 0D, 0E, 6B, 35, BD, 8A, F2, 85, ED, 0F, BF, FB, C6, C2, AA, E8, 23, 00, 00, 00, 80, E4, A4, C6, C1, 54, FE, CC, 8D, 0D, C1, FA, 46, 50, C6, C1, 94, 0F, AF, F8, 81, C6, 42, FC, FF, FF, C6, C5, DE, 81, C6, B8, 08, 00, 00, 59, 0F, AF, C1, 87, C7, 3B, D7, 76, 0B, F6, C0, 5E, C7, C6, C0, 39, FA, D5, 88, D4, FE, C2, C6, C0, BA, 02, C5, 81, C1, F1, 5F, 2F, 00, 81, FB, 43, B3, 00, 00, 76...

Entropy:
7.9971 (probably packed)

Code size:
512 bytes

The file tvantssetup.exe has been seen being distributed from the host named above, cdn-us.filecluster.com.

Powered by Reason Core Security