SETUP32.EXE – Unclassified Malware

SETUP32.EXE – Unclassified Malware removal

SETUP32.EXE size: 491520 bytes
SETUP32.EXE hash: FF324BFBD0697E4BA807A49C1DCE6B30

Created files:


Detected by UnHackMe:

SETUP32.EXE
Default location: %TEMP%\WZSE0.TMP\SETUP32.EXE

Dropper information:
MD5: 181db96cd3de1556de6ff6ab82042305
File size: 7995624 bytes
