hdvideoplayer_0999887327.exe

Nesino

Secure Software Products

The application hdvideoplayer_0999887327.exe, “Nesino Setup” by Secure Software Products has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headmetavault.com.
Publisher:
Secure Software Products (signed and verified)

Product:
Nesino

Description:
Nesino Setup

Version:
1.7.3.5

MD5:
64b00c0e517a123f4aa651449844a60e

SHA-1:
5156045ca8c0de6bf5a0cde24d3bc51724e312e3

SHA-256:
d3cfc19b9b6f8c8ed3ee80e02f0e4066fbec3cbd86efb1321a90eda99de27d2b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 10:31:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.13

File size:
948.4 KB (971,144 bytes)

Product version:
2.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\hdvideoplayer_0999887327.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/20/2016 12:29:38 AM

Valid to:
4/20/2017 12:29:38 AM

Subject:
CN=Secure Software Products, O=Secure Software Products, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
5E7095902F2C0288

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9361

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hdvideoplayer_0999887327.exe has been seen being distributed by the following URL.

http://www.headmetavault.com/Us8Q8jJyjFUtvmExDwD2e9TpzrPn8DGaCVgwtF4ascIx6MzVT_SpBnjMeOo95jM4eIq6iIAWoBj FfBpKfkcdUttVi5vv1tn6MNSEGXLI_RcJFxVCt1HC_1usfR3OZYj1SAVPHzLAeCQ2vgr1pTBn3fKJAM9Vmnfz4RYNFT5q0xaGTTTorTEaGUt0lEN1S4sTJHg3Okix_GvF7Z2JjirZg9urxMQtuJFavc6JtF8yy_fBUD7g0xOw9z0iuvgNAiCDhJN9OqGbeHzGyoHfFfOo7wL5O3zAClVhg1w5AgwFCmZpssMbM7Y4oYUGPp4Lk7OzH5Sddvj0dYmxsDg6Jg5KJl2MfgIniwS0Gijgs6sT4snW8AvHDJlKQ7V9wTCGTaQuENZmjQkJmynYQLQEusoQQXXNg4Ws4Al9kFoDGxO_dUIN3i j_tUVs7gflCLLR qHusiwB1VjT0l8mng3m7IL97iJ6xM6hHxJG1rsHsEKnOI5d2kT4r8bQYHGVn1kPF8uVL8xU uSD4mWiWeAIE6Ao7unLOBMCSZDl_HNerkFwp651oQoEEaS3hG Smo DY3dr9cDTQsjaWyKUkaBP0wMZLeUvGViCrA_cvLE20akC1yHCpJam9S_sVF5ZYv3eYSEHLLZHXnU0gkv10IXL6tQZqlHCYsA5KBQO5fHcIlHTeTNrCWKO9bT6lzpRpJ9o Nd3IDmrR51vmD_NsHaq0bNpe8LfU_Y4VSFdJltuH3IVYAjxxM_T2sRKQMdyTF8MB9 OsE2o4peP0kL93A6VHNb5 3sGeRx 3qaSsDkGmGoFfm5N nvifv kLD2O8tKLPhDOrLNAlYXUbLK8MUgI_4ubiefGehtewL8U0XGUqbcgL58S6BGcyrLhHT9Yzw4UWlU4sVu9P6gR2gEhqVrvX7DDwI7dgqPDYnKGoa0kR0IrmQXRRzdxXvHomLUyAAnoRamfvtBIgf-Gy
