setup_1096_MTE1NXwzNXww_.exe (false negative)


setup_1096_MTE1NXwzNXww_.exe is a malware sample from hxxp://, which no longer exists, but may come back anytime. CIMA reports that this file is not suspicious, but in fact it is a fake security app. I can PM the sample if you wish.


Hello Darth Trader,

Could you please submit the file to us.

To know how to submit the file to us, please check the following link,

How to report/submit false positives

Much appreciated. :slight_smile:


Hello Baskar,

The file was submitted last night with “CIMA FALSE NEGATIVE…” in the subject line.

Baskar, please have a look at this page:

-Removed by 3xist for Safety Reasons of our users-

This page has a list of recently discovered malware sites. Look for sites like “anti-spyware-this” or “anti-virus-that” and you can download and test the very latest malware samples. This list is updated several times a day.


Hi Darth.

Please Email the link to Basker. I removed the link to prevent users from accidentally clicking on infected links, etc.


Hello 3xist,

I have just PMed the link to Baskar. Please be advised that I do not intend to submit many malware files for analysis. I think the researchers should be “proactive” at finding samples. :slight_smile:

Some these sites are being taken down:

But there are still plenty of live ones left and more are being added to “hphosts-partial” list every day. I spend a lot of time looking for those sites and making sure they get added to that list.