quicktimeplayer-setup.exe

Tucows Inc.

The application quicktimeplayer-setup.exe by Tucows has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from service.downloadadmin.com.
Publisher:
Tucows Inc.  (signed and verified)

MD5:
b97935505cc33ae86149da9ab88cccab

SHA-1:
3eb2d9646d9bfad072569a6feda2dcbcd5a8009a

SHA-256:
13051aef2ca05b081a5cb09bf0f1c70d2f73ffeaef767c87db3fcf16a5a4823f

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/24/2024 11:37:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Tucows | 2015.0.3252 |
| Dr.Web | Adware.Downware.2220 | 9.0.1.05190 |
| ESET NOD32 | Win32/DownloadAdmin.G potentially unwanted application | 7.0.302.0 |
| F-Secure | Spyware: Adware:W32/WebInstallBundle | 5.13.68 |
| McAfee | Trojan.Artemis!B97935505CC3 | 16.8.708.2 |
| Norman | InstallCore.WQEC | 11.20141223 |
| Qihoo 360 Security | Malware.QVM28.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Tucows | 15.1.21.15 |
| VIPRE Antivirus | Threat.4783369 | 35418 |

File size:
1.1 MB (1,117,952 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/21/2013 1:00:00 AM

Valid to:
8/21/2016 12:59:59 AM

Subject:
CN=Tucows Inc., O=Tucows Inc., STREET=96 Mowat Ave., L=Toronto, S=Ontario, PostalCode=M6K 3M1, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A452F2DD2EEA6072814A28EF2F01AEE

File PE Metadata
Compilation timestamp:
6/22/2012 7:07:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:6g44Az765h/arq6BmwA0g/dv+iUJY57xQMUkWIJpZ:D07Qarq6BmEWJ+bY5UVIV

Entry address:
0x333B

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2C, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1D, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0B, 24, 00, 00...
 

Entropy:
6.1399

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file quicktimeplayer-setup.exe has been seen being distributed by the following URL.
