setup.exe

HD Player

Install Helper

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Install Helper has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Install Helper Apr8  (signed by Install Helper)

Product:
HD Player

Version:
3.0.0.95

MD5:
6317abe7b55e0151a60443c7686bf42b

SHA-1:
4bcad9d0bdec40b5a0ea0d026a0dc9e5dcb69866

SHA-256:
06a55c6c25b9455d861d94e932f73e1bc566e565acf8574adeec326dfb245474

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 1:16:29 PM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2015.04.18

avast!
Adware-CKN [PUP]
2014.9-151127

AVG
Potentially harmful program Downloader
2016.0.2913

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Vittalia.55
9.0.1.0331

ESET NOD32
Win32/DownloadAssistant.A potentially unwanted application
9.7.0.302.0

IKARUS anti.virus
PUA.DownloadAssistant
t3scan.1.8.9.0

NANO AntiVirus
Trojan.Win32.Vittalia.dqfrig
0.30.16.1110

Reason Heuristics
PUP.Vittalia.InstallHelper.Installer (M)
15.11.27.4

Rising Antivirus
PE:Trojan.Win32.SpeedingUpMyPC.a!1075357520
23.00.65.151125

VIPRE Antivirus
Threat.4782985
38882

File size:
1.1 MB (1,103,072 bytes)

Product version:
3.0.0.95

Copyright:
(c) Install Helper Apr8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
4/7/2015 8:00:00 PM

Valid to:
4/7/2016 7:59:59 PM

Subject:
CN=Install Helper, O=Install Helper, L=Vancouver, S=British Columbia, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
12BD7CFFA8EBCF8A714AC3D6E068484C

File PE Metadata
Compilation timestamp:
1/30/2013 9:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:PxG9CqDJKzaKbyQCfaoOTlpmgiTntwN5wOiAQMdDBV7LwVKHqan:4ZJKWKzCSoOTzETtL8QM5fjjn

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
6.9517

Developed / compiled with:
Microsoft Visual C++

Code size:
65.5 KB (67,038 bytes)
