setup.exe

vGrabber

http://vgrabber.org

The application setup.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. During installation, it bundles additional potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from www.mynicepicks.com.

Publisher:
http://vgrabber.org

Product:
vGrabber

Description:
vGrabber setup

Version:
1.14

MD5:
90c726412ec20807eae6c1a3d72aecdd

SHA-1:
a739b4795554accb02e9e5dd50b09837f706be0d

SHA-256:
8a7ff3e6b4c0ae8841d9ba61c4516de92796c28a9fe5b851a0adb2ce48cd3fd8

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
5/8/2024 5:33:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Zugo.E | 1008 |
| Avira AntiVirus | Adware/Zugo.C.2 | 7.11.133.136 |
| avast! | NSIS:Ezula-BC [Adw] | 2014.9-140502 |
| Bitdefender | Adware.Zugo.E | 1.0.20.610 |
| Dr.Web | Adware.SweetIM.3 | 9.0.1.0122 |
| Emsisoft Anti-Malware | Adware.Zugo | 8.14.05.02.02 |
| Fortinet FortiGate | Adware/Zugo | 5/2/2014 |
| F-Secure | Adware.Zugo.E | 11.2014-02-05_6 |
| G Data | Adware.Zugo | 14.5.24 |
| K7 AntiVirus | Riskware | 13.176.11256 |
| Malwarebytes | PUP.BundleInstaller.VG | v2014.05.02.02 |
| McAfee | Artemis!90C726412EC2 | 5600.7142 |
| MicroWorld eScan | Adware.Zugo.E | 15.0.0.366 |
| NANO AntiVirus | Riskware.Nsis.Downware.yrefc | 0.28.0.58101 |
| nProtect | Adware.Zugo.E | 14.02.25.01 |
| Sophos | vGrabber | 4.97 |
| Trend Micro House Call | TROJ_HEUR_0000028.TOMA | 7.2.122 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26824 |

File size:
330.4 KB (338,378 bytes)

Copyright:
© http://vgrabber.org (vGrabberWithReal_CODEC2_A05_AUTO-Conv_zugo_cond-)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:yscQ7/bI8l0OGq4dqDjVB8z4qyVX5w6zrnRB3dmyJrb7U2qt0Pet:Wo/bI8WPdgbzqg5w6zrRBNpAQPM

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9303

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following URL.
