SHA256: ba1724250dd2ac9d67e33db2897d55070bfa6b2ecef835aa683e2afd3259ee48
File name: setup.exe
Detection ratio: 54 / 67
Analysis date: 2017-12-30 19:31:53 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.22390 20171225
AegisLab Troj.Dropper.W32.Demp.azf!c 20171230
AhnLab-V3 Backdoor/Win32.Azbreg.R147998 20171230
ALYac Gen:Variant.Zusy.22390 20171230
Antiy-AVL Trojan[Dropper]/Win32.Injector 20171230
Arcabit Trojan.Zusy.D5776 20171230
Avast Win32:Malware-gen 20171230
AVG Win32:Malware-gen 20171230
Avira (no cloud) TR/Dropper.MSIL.Gen 20171230
AVware Trojan.Win32.Generic!BT 20171230
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9914 20171227
BitDefender Gen:Variant.Zusy.22390 20171230
CAT-QuickHeal Trojan.Generic.FC.1088 20171230
ClamAV Win.Trojan.Ainslot-152 20171230
CMC Trojan-Dropper.Win32.Demp!O 20171229
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171230
Cyren W32/Trojan.AKUD-1305 20171230
DrWeb Trojan.DownLoader5.31868 20171230
eGambit Unsafe.AI_Score_76% 20171230
Emsisoft Gen:Variant.Zusy.22390 (B) 20171230
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Ainslot.AA 20171230
F-Secure Gen:Variant.Zusy.22390 20171230
Fortinet W32/Ainslot.AA 20171230
GData Gen:Variant.Zusy.22390 20171230
Ikarus Trojan.MSIL.Agent 20171230
Jiangmin Trojan/Jorik.dnsl 20171230
K7AntiVirus Riskware ( 0015e4f01 ) 20171230
K7GW Riskware ( 0015e4f01 ) 20171230
Kaspersky HEUR:Worm.Win32.Generic 20171230
Kingsoft Win32.Troj.Undef.(kcloud) 20171230
MAX malware (ai score=100) 20171230
McAfee RDN/Generic Dropper 20171230
McAfee-GW-Edition BehavesLike.Win32.Gupboot.fc 20171230
eScan Gen:Variant.Zusy.22390 20171230
NANO-Antivirus Trojan.Win32.Ainslot.dtkyyi 20171230
Palo Alto Networks (Known Signatures) generic.ml 20171230
Panda Generic Malware 20171230
Qihoo-360 Win32/Trojan.abb 20171230
Rising Worm.Ainslot!8.53E (TFE:C:j8aZhh2WKXJ) 20171230
Sophos AV Mal/Generic-S 20171230
Symantec Trojan.Gen 20171229
Tencent Win32.Worm.Ainslot.Hsid 20171230
TheHacker Trojan/Ainslot.aa 20171229
TrendMicro TROJ_DROPPER.ZWG 20171230
TrendMicro-HouseCall TROJ_DROPPER.ZWG 20171230
VBA32 TrojanDropper.Injector 20171229
VIPRE Trojan.Win32.Generic!BT 20171230
Webroot W32.Worm.Gen 20171230
Yandex Worm.Ainslot!cLz9LNprKUs 20171229
Zillya Dropper.Demp.Win32.1035 20171229
ZoneAlarm by Check Point HEUR:Worm.Win32.Generic 20171230
Alibaba 20171229
Avast-Mobile 20171229
Bkav 20171229
Comodo 20171230
F-Prot 20171230
Sophos ML 20170914
Malwarebytes 20171230
Microsoft 20171230
nProtect 20171230
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20171230
Symantec Mobile Insight 20171230
Trustlook 20171230
ViRobot 20171230
WhiteArmor 20171226
Zoner 20171230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2002-2010 Mark Russinovich and Bryce Cogswell
Product Sysinternals autoruns
Original name autoruns.exe
Internal name Sysinternals Autoruns
File version 10.07
Description Autostart program viewer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-12 17:26:51
Entry Point 0x0000D41E
Number of sections 3
.NET details
Module Version ID 4957ffb4-3b0d-49a9-b037-a21ed7ea3a61
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 347136
ImageVersion 0.0
ProductName Sysinternals autoruns
FileVersionNumber 10.7.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName autoruns.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.07
TimeStamp 2012:03:12 18:26:51+01:00
FileType Win32 EXE
PEType PE32
InternalName Sysinternals Autoruns
ProductVersion 10.07
FileDescription Autostart program viewer
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2002-2010 Mark Russinovich and Bryce Cogswell
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 46592
FileSubtype 0
ProductVersionNumber 10.7.0.0
EntryPoint 0xd41e
ObjectFileType Executable application

File identification
MD5 919374a229038ab2a8752790709ff7fc
SHA1 173efc2873c83dbf9a84a3337a80b3cb60ac3496
SHA256 ba1724250dd2ac9d67e33db2897d55070bfa6b2ecef835aa683e2afd3259ee48
ssdeep 6144:rGp+nGfqqeIZaJTwHN7ERQ9jB79Xii4iqQr9wA6XSF9Qott6C8lL4UPUus11YYPh:6QnXqeIcaHN7EW9R9dDqRAZ6R0xz
authentihash de45c741dd205c0ca2ed38bb27a97970b522609d1e5ece5d580889132fba4a06
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 385.0 KB ( 394240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2012-03-15 20:15:50 UTC ( 6 years, 3 months ago )
Last submission 2017-12-30 19:31:53 UTC ( 5 months, 2 weeks ago )
File names setup.exe
IEShims.exe
setup.exe
setup.exe
IEShims.exe
IEShims.exe
file-6369170_exe
autoruns.exe
setup.exe
919374A229038AB2A8752790709FF7FC
1341405347.919374A229038AB2A8752790709FF7FC
m0zhfm0q.3qo
Sysinternals Autoruns
setup.exe
setup.exe
setup (1).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight