Setup.exe

Vlc Player

DOWNLOADIOUS

The file Setup.exe by DOWNLOADIOUS has been detected as adware by 9 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from www.hdnowathome.com.
Publisher:
Downloadius  (signed by DOWNLOADIOUS)

Product:
Vlc Player

Description:
vlcplayer

Version:
6.1.0.0

MD5:
9092d891a4b17097f9fb9c7af2483775

SHA-1:
d5b1eff29673ac78889a438ae846c9f1160eb7d3

SHA-256:
e1937a19a8e43bf8cffbf4b39d40c723cfc93ad533f92d8162c7623d15040926

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
5/25/2020 11:46:36 PM UTC

Scan engine               Detection                          Engine version
Baidu Antivirus           PUA.Win32.Montiera                 4.0.3.15325
ESET NOD32                Win32/Toolbar.Montiera             9.10505
IKARUS anti.virus         Trojan.SuspectCRC                  t3scan.1.8.3.0
Malwarebytes              PUP.Optional.Montiera              v2015.03.25.07
NANO AntiVirus            Trojan.Win32.Toolbar.dgukom        0.28.6.63850
Reason Heuristics         PUP.Installer.DOWNLOADIOUS         15.3.25.19
Trend Micro House Call    Suspicious_GEN.F47V0929            7.2.84
Trend Micro               TROJ_SPNR.0CKM14                   10.465.25

File size:
553.2 KB (566,504 bytes)

Product version:
2.0

Copyright:
Downloadius

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
DOWNLOADIOUS
Authority:
VeriSign, Inc.

Valid from:
7/1/2014 6:00:00 PM

Valid to:
4/16/2015 5:59:59 PM  (already expired at the time of this analysis; whether Windows still accepts the signature depends on a trusted timestamp countersignature, which this report does not record)

Subject:
CN=DOWNLOADIOUS, O=DOWNLOADIOUS, L=TEL AVIV, S=ISRAEL, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67AAAF219EFE0304E095EA03F4AB7E9B

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:xEIap+6EBr/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaY+:WIap+6EBwwcfpYcPBSB/igB2WLn/+

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9734

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
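As an added example (not part of this report and not Reason Core Security's own tooling), the following Python script derives the identification fields listed above from a raw file using only the standard library: the MD5/SHA-1/SHA-256 digests, the Shannon entropy, and the PE header fields (compilation timestamp, OS and linker version, bitness, subsystem, entry address with the first bytes at it, and code size). The image it parses is constructed inline so the script runs offline; its header values mirror the report's numbers, but its contents are filler and not the bytes of Setup.exe. Two caveats when reading the values above: an NSIS installer is a prebuilt stub with the compressed archive appended, so the 2009 compilation timestamp is the stub's build date rather than when this adware was packaged, and the entropy of 7.97 is what a compressed archive occupying most of the file looks like.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# IMAGE_SUBSYSTEM_* values from the PE optional header and the PE32/PE32+ magic.
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
OPTIONAL_MAGIC = {0x10B: "Win32", 0x20B: "Win64"}


def file_hashes(data: bytes) -> dict:
    """The three digests the report lists, hex-encoded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; compressed or encrypted payloads sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _sections(data: bytes, coff: int):
    """Yield (virtual_address, virtual_size, raw_size, raw_pointer) per section header."""
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    for i in range(nsections):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        yield va, vsize, raw_size, raw_ptr


def rva_to_offset(data: bytes, coff: int, rva: int) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for va, vsize, raw_size, raw_ptr in _sections(data, coff):
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%X is not backed by any section" % rva)


def pe_metadata(data: bytes, entry_bytes: int = 16) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and return
    the fields the report shows under 'File PE Metadata'."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]  # COFF TimeDateStamp
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in OPTIONAL_MAGIC:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    linker_major, linker_minor, size_of_code, _, _, entry = struct.unpack_from("<BBIIII", data, opt + 2)
    # From offset 32 onward PE32 and PE32+ share a layout, so these offsets hold for both.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    start = rva_to_offset(data, coff, entry)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "os_version": "%d.%d" % (os_major, os_minor),
        "bitness": OPTIONAL_MAGIC[magic],
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "entry_address": "0x%X" % entry,
        "entry_point": ", ".join("%02X" % b for b in data[start:start + entry_bytes]),
        "code_size": size_of_code,
    }


def build_sample_image() -> bytes:
    """Constructed input, not the real Setup.exe: a minimal PE32 with one .text
    section whose header fields mirror the report (entry 0x30FA, linker 6.0,
    OS 4.0, Windows GUI, code size 24,064) and a filler payload of maximal
    entropy standing in for the compressed NSIS archive."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    # COFF: i386, 1 section, TimeDateStamp = 2009-12-05 15:50:52 UTC, 224-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1260028252, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIIIII", opt, 0, 0x10B, 6, 0, 24064, 0, 0, 0x30FA, 0x1000, 0x7000)
    struct.pack_into("<IIIHHHHHHIIII", opt, 28, 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x9000, 0x400, 0)
    struct.pack_into("<HH", opt, 68, 2, 0)  # IMAGE_SUBSYSTEM_WINDOWS_GUI, no DllCharacteristics
    section = struct.pack("<8sIIIIIIHHI", b".text", 24064, 0x1000, 24064, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    headers += bytes(0x400 - len(headers))  # pad to SizeOfHeaders so .text starts at 0x400
    payload = bytes(range(256)) * 94  # 24,064 bytes of filler with entropy exactly 8.0
    return headers + payload


if __name__ == "__main__":
    image = build_sample_image()
    for key, value in {**file_hashes(image), "entropy": round(shannon_entropy(image), 4), **pe_metadata(image)}.items():
        print("%-15s %s" % (key + ":", value))
```

Run it against a real sample by replacing `build_sample_image()` with the bytes read from disk; the digests should match the report's MD5/SHA-1/SHA-256 before any of the other numbers are worth comparing.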

The file Setup.exe has been seen being distributed by the following URL.

http://www.hdnowathome.com/.../downloader.php?aflt=CD3789&cid=b90c2c49dafa7ef66c40314a025a536d

Remove Setup.exe - Powered by Reason Core Security