home

Setup.exe

Vlc Player

2432300 ONTARIO LTD.

The file Setup.exe by 2432300 ONTARIO has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from www.myohmyhdplayer.com.
Publisher:
Downloadius  (signed by 2432300 ONTARIO LTD.)

Product:
Vlc Player

Description:
vlcplayer

Version:
6.1.0.0

MD5:
fc5d29e39622b7993842b06009c44ffb

SHA-1:
5ed4eb621150d8c86f5cb605787c5439eb20f1de

SHA-256:
bd8eddb379d3e3e9f891b65f0e95279c48faaad38b7c6fe9c4122b4e3e7e4833

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 9:48:08 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1935474
822

avast!
Win32:Malware-gen
2014.9-141104

Baidu Antivirus
PUA.Win32.Montiera
4.0.3.14114

Bitdefender
Trojan.GenericKD.1935474
1.0.20.1540

Emsisoft Anti-Malware
Trojan.GenericKD.1935474
8.14.11.04.11

ESET NOD32
Win32/Toolbar.Montiera
8.10630

F-Secure
Trojan.GenericKD.1935474
11.2014-04-11_3

G Data
Trojan.GenericKD.1935474
14.11.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.7.8.0

Malwarebytes
PUP.Optional.Montiera
v2014.11.04.11

McAfee
Artemis!FC5D29E39622
5600.6956

MicroWorld eScan
Trojan.GenericKD.1935474
15.0.0.924

NANO AntiVirus
Trojan.Win32.Toolbar.dgukom
0.28.2.62841

nProtect
Trojan.GenericKD.1935474
14.10.27.01

Rising Antivirus
PE:Trojan.Win32.Generic.17828698!394430104
23.00.65.141102

Total Defense
Win32/Tnega.YWNXfbB
37.0.11253

VIPRE Antivirus
Trojan.Win32.Generic
34298

File size:
555.7 KB (569,048 bytes)

Product version:
2.0

Copyright:
Downloadius

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
2432300 ONTARIO LTD.

Authority:
COMODO CA Limited

Valid from:
9/10/2014 5:00:00 PM

Valid to:
9/11/2015 4:59:59 PM

Subject:
CN=2432300 ONTARIO LTD., O=2432300 ONTARIO LTD., STREET="120 East Beaver Creek Rd., Suite 200", L=Richmond Hill, S=Ontario, PostalCode=L4B 4V1, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CE1C02B9F51B89117BE0CB72105BDC72

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zEaI39lD0r/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaY9:oaI3IwwcfpYcPBSB/igB2WLn/9

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9736

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file Setup.exe has been seen being distributed by the following URL.

http://www.myohmyhdplayer.com/.../downloader.php?aflt=CD14820&cid=de519db1dd0e8199a921e3b996bd9154

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.