virtualrouterplussetup.exe

Virtual Router Plus

Runxia Electronics

The executable virtualrouterplussetup.exe, “Setup Launcher Unicode”, has been detected as malware by 11 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from virtualrouter-plus.fr.softonic.com.
Publisher:
Runxia Electronics

Product:
Virtual Router Plus

Description:
Setup Launcher Unicode

Version:
2.5.0

MD5:
987752f1dad76977619ec3eab8a4ae89

SHA-1:
9ce4a8659dec1f20c259d01ffd72211303704395

SHA-256:
76d981acef20a0f55e2e57ce5467dec8460c84adb281baf4385c8a224cea899d

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
2/26/2025 6:24:08 PM UTC

Scan engine                      Detection                 Engine version
avast!                           Win32:Kukacka             160518-2
AVG                              Win32/Sality              2015.0.4591
Dr.Web                           Win32.Sector.21           9.0.1.05190
Emsisoft Anti-Malware            Win32.Sality              11.5.0.6191
ESET NOD32                       Win32/Sality.NBA virus    8.0.319.0
F-Prot                           W32/Sality.gen2           4.6.5.141
F-Secure                         Win32.Sality.3            5.15.96
Kaspersky                        Virus.Win32.Sality        15.0.0.562
Microsoft Security Essentials    Threat.Undefined          1.223.2255.0
Norman                           Win32.Sality.3            19.05.2016 01:04:49
VIPRE Antivirus                  Threat.4721115            49720

File size:
1.8 MB (1,931,184 bytes)

Product version:
2.5.0

Copyright:
Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\virtualrouterplussetup.exe

File PE Metadata
Compilation timestamp:
9/11/2012 4:58:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:eGW+n9O5ORieju6acTiIZFG4Hsv7QufPQ5V:BnA5ORieju6ZZE0sv7Q9V

Entry address:
0x6AABB

Entry point:
60, 89, CE, BB, E1, F4, 15, B7, 85, D0, C6, C5, 09, 20, F3, EB, 05, B9, 2F, 37, 78, 2C, F7, C2, 45, D9, 80, DC, 0F, AF, F3, 75, 02, 30, F1, BB, 35, 1E, 66, 0C, E8, 79, 00, 00, 00, 8D, 05, 44, 60, 6E, 8A, 41, 86, FE, 81, F2, B7, 1C, 7A, 62, 34, 99, F6, C0, 95, 85, C0, 8B, F3, 69, F7, 00, BB, A8, 76, C7, C5, 5C, 0F, D3, 33, 81, CD, 4D, 05, 7E, 2F, 87, D3, FF, CB, 22, FC, 51, 0F, B6, EC, 5E, 39, CB, 8D, 15, B4, 20, C2, 58, 0F, B6, D5, 0F, B6, DD, 8D, 15, 0B, 8A, CF, 21, 8B, CE, EB, 05, C6, C6, 6F, FE, C7, 1A...
 

Code size:
697 KB (713,728 bytes)

The file virtualrouterplussetup.exe has been seen being distributed by the following URL.

Remove virtualrouterplussetup.exe - Powered by Reason Core Security