setup.exe

VID PLAY

The application setup.exe by VID PLAY has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
VID PLAY  (signed and verified)

MD5:
89e459f370bf1141aaec92d350d38125

SHA-1:
faff9f751023dbeb3660ecc7ef2311d8618c5a8b

SHA-256:
d10bc581629b74a2e51bb88e04e3a8d9841546e55ad21b5860de4ae65974c2ee

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 10:52:20 AM UTC

Scan engine             Detection                                             Engine version
Lavasoft Ad-Aware       MemScan:Application.Bundler.JU                        680
Agnitum Outpost         PUA.Downloader                                        7.1.1
avast!                  PUP-gen [PUP]                                         2014.9-150327
AVG                     Potentially harmful program Downloader                2016.0.3158
Bitdefender             MemScan:Application.Bundler.JU                        1.0.20.430
Comodo Security         Application.Win32.AltBrowse.HY                        21554
Dr.Web                  infected with Trojan.OutBrowse.68                     9.0.1.086
Emsisoft Anti-Malware   MemScan:Application.Bundler.JU                        8.15.03.27.06
ESET NOD32              Win32/OutBrowse.BU potentially unwanted application   9.7.0.302.0
Fortinet FortiGate      Riskware/OutBrowse                                    3/27/2015
F-Secure                Riskware.MemScan:Application.Bundler.JU               11.2015-27-03_6
G Data                  MemScan:Application.Bundler.JU                        15.3.25
herdProtect (fuzzy)                                                           2015.7.2.1
K7 AntiVirus            Trojan                                                13.202.15399
Kaspersky               not-a-virus:Downloader.NSIS.OutBrowse                 14.0.0.2284
Malwarebytes            PUP.Optional.OutBrowse                                v2015.03.27.07
McAfee                  Program.Adware-OutBrowse.e                            5600.6814
MicroWorld eScan        MemScan:Application.Bundler.JU                        16.0.0.258
NANO AntiVirus          Trojan.Win32.OutBrowse.dmiaid                         0.30.8.659
Norman                  OutBrowse.BS                                          11.20150327
Quick Heal              Adware.NSIS.OutBrowse.A                               3.15.14.00
Reason Heuristics       PUP.Installer.Outborwse                               15.3.27.7
Sophos                  Generic PUA GO                                        4.98
Vba32 AntiVirus         Downloader.OutBrowse                                  3.12.26.3
VIPRE Antivirus         Threat.4657539                                        38552

File size:
569.8 KB (583,512 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/9/2015 2:00:00 AM

Valid to:
12/18/2015 1:59:59 AM

Subject:
CN=VID PLAY, O=VID PLAY, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
525F3296FA386B468C94FE7C259A69E8

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:+VWhlXa3YJDgIhCX2i950jVSLgyo4ar2N0VsrV0Pl0eq:+shlqSDhHM2Sckar2NmsSl0F

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9769

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
