hdvideoplayer_2564865984.exe

Nesino

Secure Software Products

The application hdvideoplayer_2564865984.exe, “Nesino Setup” by Secure Software Products, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.headmetavault.com.
Publisher:
Secure Software Products  (signed and verified)

Product:
Nesino

Description:
Nesino Setup

Version:
1.7.3.5

MD5:
ff08f79ffcad81c71759507c6a03a4b7

SHA-1:
6cede1c30b62afb7d9b91c96f74b0cd5d98c18db

SHA-256:
debb055a540b4c75ce8c2dc753d59ed5c7f4489548787529eb3eaa73def1f177

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 11:45:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.23

File size:
948.4 KB (971,144 bytes)

Product version:
2.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdvideoplayer_2564865984.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/20/2016 2:59:38 AM

Valid to:
4/20/2017 2:59:38 AM

Subject:
CN=Secure Software Products, O=Secure Software Products, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
5E7095902F2C0288

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9361

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hdvideoplayer_2564865984.exe has been seen being distributed by the following URL.

