setup_min.exe

VisualBee

Visual Software Systems LTD

The application setup_min.exe by Visual Software Systems has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Visual Software Systems LTD  (signed and verified)

Product:
VisualBee

Version:
V24.18.1

MD5:
a0d24c91a3e8e10df86b8dfb0c85cba1

SHA-1:
b521af02fdf37fb5a1427f9479ffa41412740d7a

SHA-256:
f1642ea98bd959d8bf9d67b1332c5ce365675976a6f99edafe4ad0dfc3c787c1

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/24/2024 5:20:39 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Solimba.Gen | 7.11.112.26
AVG | Generic | 2016.0.2943
Dr.Web | Adware.Downware.1326 | 9.0.1.0301
ESET NOD32 | Win32/DownWare | 9.9021
K7 AntiVirus | Unwanted-Program | 13.174.10530
Malwarebytes | MSIL.Solimba | v2015.10.28.02
McAfee | Artemis!57A567A55FE8 | 5600.6599
NANO AntiVirus | Trojan.Win32.Generic.dbfyqg | 0.30.0.296
Reason Heuristics | Win32.Generic.VisualSoftwareSystems.Installer.Meta | 15.10.28.2
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.151026
Sophos | Solimba Installer | 4.96
Trend Micro House Call | TROJ_GEN.F47V1023 | 7.2.301

File size:
535.6 KB (548,456 bytes)

Product version:
V24.18.1

Copyright:
VisualBee.com

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_min.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/17/2013 8:00:00 PM

Valid to:
10/17/2015 7:59:59 PM

Subject:
CN=Visual Software Systems LTD, O=Visual Software Systems LTD, L=Tel Aviv - Yafo, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4151E7647C88F6CE43FD79FAAA1350F0

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:f6P8FilPAWJXFfTIhq/IYUgrkQrd6J0Itlx9N6RpsUNw:iXlZfTIk/ogrkQrd00I7QsUNw

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9486

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
