home

tvsetup.exe

TV Toolbar Powered by Inbox

Xacti

The application tvsetup.exe, “TV Toolbar Powered by Inbox Setup ” by Xacti has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from toolbar.inbox.com.
Publisher:
Xacti, LLC   (signed by Xacti)

Product:
TV Toolbar Powered by Inbox

Description:
TV Toolbar Powered by Inbox Setup

Version:
2.0.1.117

MD5:
f0986bb590b625bc6bfe404d67648125

SHA-1:
44b004eb6113df7158b418cbda7eb60b16221040

SHA-256:
501382a09d6989c52544b56762efcae8bf1f0cd1a91c75dcb9646710919ea948

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:38:48 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11817052
354

Avira AntiVirus
Adware/Agent.2493480
7.11.199.38

Bitdefender
Trojan.Generic.11817052
1.0.20.230

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.PCFixSpeed
0.98/19414

Comodo Security
Application.Win32.Inbox.E
18849

Dr.Web
Adware.Downware.9458
9.0.1.046

Emsisoft Anti-Malware
Trojan.Generic.11817052
8.16.02.15.01

ESET NOD32
Win32/Toolbar.Crawler.B potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.2671218
2/15/2016

F-Secure
Trojan.Generic.11817052
11.2016-15-02_2

G Data
Trojan.Generic.11817052
16.2.24

IKARUS anti.virus
PUA.Toolbar
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.183.13407

Malwarebytes
PUP.Optional.ToolBarInstaller
v2016.02.15.01

MicroWorld eScan
Trojan.Generic.11817052
17.0.0.138

nProtect
Trojan.Generic.11817052
14.10.16.01

Reason Heuristics
Win32.Generic
16.2.15.13

VIPRE Antivirus
Threat.4150696
32210

File size:
2.4 MB (2,566,488 bytes)

Product version:
2.0.1.117

Copyright:
copyright © Inbox.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tvsetup.exe

Digital Signature
Signed by:
Xacti

Authority:
Thawte, Inc.

Valid from:
8/28/2013 5:00:00 PM

Valid to:
9/18/2015 4:59:59 PM

Subject:
CN=Xacti, O=Xacti, L=Boca Raton, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
723180E2A807DDA0F77264108931DA53

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:IueZI+c0j4VX+ATItCVlpp8Y9F5LtuI8iHveMCvvPoofwAfwSyebA5rOYiZnX:Zem7aULpCEfzGMCXFfwAf0ebSivZnX

Entry address:
0xC1C0

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, C8, C0, 40, 00, E8, 60, 86, FF, FF, 33, C0, 55, 68, 85, C8, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 41, C8, 40, 00, 64, FF, 32, 64, 89, 22, A1, 60, E6, 40, 00, E8, 5E, FD, FF, FF, E8, C9, F8, FF, FF, 8D, 55, EC, 33, C0, E8, 93, CA, FF, FF, 8B, 55, EC, B8, 8C, F0, 40, 00, E8, 0A, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 8C, F0, 40, 00, B2, 01...
 
[+]

Entropy:
7.9944

Developed / compiled with:
Microsoft Visual C++

Code size:
46.5 KB (47,616 bytes)

The file tvsetup.exe has been seen being distributed by the following URL.

http://toolbar.inbox.com/.../TVSetup.exe

Remove tvsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.