setup.exe

VLC Installer

INSTALLER TECHNOLOGY CO.

This installer routine uses the Babylon network to bundle offers of potentially unwanted programs (mostly search adware) such as toolbars and browser extensions. The application setup.exe by INSTALLER TECHNOLOGY CO. has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
NNG (signed by INSTALLER TECHNOLOGY CO.)

Product:
VLC Installer

Description:
Applcation

Version:
1.20.1.1

MD5:
13098321b652527ae9710d60c49b275f

SHA-1:
29241d0014d49eb187e5ce6f07d168dea5396363

SHA-256:
51f19357cbc8daf852a4edbd7f164c299f818c5512a80dd493cbe2f69ecae29f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:06:34 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Techon-M [Adw] | 2014.9-160128 |
| Malwarebytes | Adware.Agent | v2016.01.28.04 |
| Reason Heuristics | PUP.INSTALLERTECHNOLOGYCO.Installer (M) | 16.1.28.16 |
| Trend Micro House Call | HV_DOWNLOADER_CA0837F7.TOMC | 7.2.28 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4786240 | 32210 |

File size:
170.6 KB (174,664 bytes)

Copyright:
Author © 2010

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\launcher\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/4/2012 9:00:00 PM

Valid to:
10/6/2013 8:59:59 PM

Subject:
CN=INSTALLER TECHNOLOGY CO., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INSTALLER TECHNOLOGY CO., L=Miami, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
61DB0858B233331E32FD2CE3F0C5CD55

File PE Metadata
Compilation timestamp:
12/5/2009 7:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:1gXdZt9P6D3XJ7455vOV/xCueNgc1Wa2jUudMmk/6Yzp5h/REtdsXKAQdMJXfTQD:1e34t2vgbl42j/d8/6+p5hpEtEKQJSRd

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
