hd codec5 setup.exe

The application hd codec5 setup.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software, and these may be installed without adequate user consent.
MD5:
35a6c3828215ecb8fc76b232126053cf

SHA-1:
9c340bfb3c04a6df74b8e34cd0a2200d212c0879

SHA-256:
f9d3abeb93bd0cc7d296552b522c1bf72220495d40f460429f950f380b7d800c

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
4/18/2024 10:51:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.Somoto.I | 901
Agnitum Outpost | PUA.Somoto | 7.1.1
AhnLab V3 Security | PUP/Win32.Downloader | 2014.08.16
Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.167.118
avast! | Win32:PUP-gen [PUP] | 2014.9-140817
AVG | AdInstaller.Somoto | 2015.0.3379
Baidu Antivirus | Hacktool.Win32.Downloader | 4.0.3.14817
Bitdefender | Application.Bundler.Somoto.I | 1.0.20.1145
Comodo Security | Application.Win32.Somoto.A | 19197
Dr.Web | Adware.Downware.6183 | 9.0.1.0229
ESET NOD32 | Win32/DownWare | 8.10259
F-Prot | W32/SomotoBetterInstaller.A | v6.4.7.1.166
F-Secure | Application.Bundler.Somoto | 11.2014-17-08_1
G Data | Application.Bundler.Somoto | 14.8.24
K7 AntiVirus | Trojan | 13.183.13054
Kaspersky | not-a-virus:Downloader.NSIS.Agent | 14.0.0.3391
Malwarebytes | PUP.Optional.Somoto.A | v2014.08.17.08
McAfee | Artemis!35A6C3828215 | 5600.7035
MicroWorld eScan | Application.Bundler.Somoto.I | 15.0.0.687
NANO AntiVirus | Trojan.Win32.Somoto.csrqje | 0.28.2.61519
Panda Antivirus | PUP/MultiToolbar.A | 14.08.17.08
Qihoo 360 Security | Win32/Application.5d6 | 1.0.0.1015
Sophos | Somoto BetterInstaller | 4.98
Trend Micro House Call | TROJ_GEN.R047B01G914 | 7.2.229
Trend Micro | TROJ_GE.5FD5FCBF | 10.465.17
Vba32 AntiVirus | Signed-AdWare.BetterInternet.SomotoLtd | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 32236

File size:
342.4 KB (350,587 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hd codec5 setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ee349w6ntAXYqjHPTDX+kMAt5q2pd5A8WhnjyOpYRNLzO4BuFGoUM3pqoeIGE:2Ht4uAbJd5A8enuOe1BuFGoLgzE

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9107

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hd codec5 setup.exe has been seen being distributed by the following URL.