hd codec setup3.exe

The application hd codec setup3.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
MD5:
443f8ae026fef93a29ac7d598b7bfc94

SHA-1:
e7b67ee4ac2103afe0c66845ee09600545ee7121

SHA-256:
6090b59759ed687690fd2f85bf472cd9cd3592cff036f7c42243c5f5709e6d94

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
4/19/2024 2:46:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Somoto.I | 928 |
| Agnitum Outpost | PUA.Somoto | 7.1.1 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.163.22 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140721 |
| AVG | AdInstaller.Somoto | 2015.0.3406 |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.14721 |
| Bitdefender | Application.Bundler.Somoto.I | 1.0.20.1010 |
| Comodo Security | Application.Win32.Somoto.A | 18915 |
| Dr.Web | Adware.Somoto.17 | 9.0.1.0202 |
| ESET NOD32 | Win32/DownWare | 8.10126 |
| F-Prot | W32/SomotoBetterInstaller.A | v6.4.7.1.166 |
| F-Secure | Application.Bundler.Somoto | 11.2014-21-07_2 |
| G Data | Application.Bundler.Somoto | 14.7.24 |
| K7 AntiVirus | Trojan | 13.181.12775 |
| Kaspersky | not-a-virus:Downloader.NSIS.Agent | 14.0.0.3525 |
| Malwarebytes | PUP.Optional.Somoto.A | v2014.07.21.10 |
| McAfee | RDN/Generic PUP.x!c2e | 5600.7062 |
| MicroWorld eScan | Application.Bundler.Somoto.I | 15.0.0.606 |
| NANO AntiVirus | Trojan.Win32.Somoto.csrqje | 0.28.2.60881 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.07.21.10 |
| Qihoo 360 Security | Win32/Application.5d6 | 1.0.0.1015 |
| Quick Heal | Downloader.NSIS.r5 (Not a Virus) | 7.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.17018495!385975445 | 23.00.65.14719 |
| Sophos | Somoto BetterInstaller | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PGC14 | 7.2.202 |
| Trend Micro | TROJ_GEN.R0CBC0PGC14 | 10.465.21 |
| Vba32 AntiVirus | Signed-AdWare.BetterInternet.SomotoLtd | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31450 |

File size:
342.4 KB (350,601 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hd codec setup3.exe

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ee349aFqjHPTDX+kMAt5q2pd5A8Whns3m0u4aTSYuFMgen7ksQzsGU:2fuAbJd5A8ens303SYuwksoHU

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9112

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hd codec setup3.exe has been seen being distributed by the following 2 URLs.
