home

vibersetup.exe

Viber

Viber Media Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It runs as a scheduled task under the Windows Task Scheduler. This file is installed with the program Viber.
Publisher:
Viber Media Inc  (signed by Viber Media Inc.)

Product:
Viber

Description:
Viber Install

Version:
3.0.0.133634

MD5:
b462603654c47107283cfa2fe8363d38

SHA-1:
61bd1308fb263d7384bdd8601b780db9b06dca7e

SHA-256:
70ac50edb8cb7104784cf38d4d03aeb9589000ebf5ae0c2bf75b2e64c8adf749

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/14/2025 11:09:53 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

NANO AntiVirus
Trojan.Win32.Downware.crewao
0.28.0.57029

Rising Antivirus
PE:Trojan.Dropper!6.1BE
23.00.65.14227

File size:
1.3 MB (1,365,248 bytes)

Product version:
3.0.0.133634

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\vibersetup.exe

Digital Signature
Signed by:
Viber Media Inc.

Authority:
Thawte, Inc.

Valid from:
3/28/2012 2:00:00 AM

Valid to:
3/29/2014 12:59:59 AM

Subject:
CN=Viber Media Inc., OU=DEV, O=Viber Media Inc., L=Panama, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73C6D14119B06C7562CA81A8BEFDCED1

File PE Metadata
Compilation timestamp:
5/30/2013 10:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:tGY6g4I1Hgwa6TTp0uvOe1LXlGI4K/9sd0f87BDovPYEizz17ab:gY6g42AwVN0ubZcDCI0fIDovgEQ17ab

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

Scheduled Task
Task name:
{E4AD52F7-B098-41F2-B8A8-143C844BD278}

Trigger:
Registration (Runs on registration)


The file vibersetup.exe has been discovered within the following program.

Viber  by Viber Media Inc
Publisher's description - “Viber for Windows lets you send free messages and make free calls to other Viber users, on any device and network, in any country! Viber syncs your contacts, messages and call history with your mobile device. All the stickers from your mobile phone, now on your desktop.”
www.viber.com/products/windows
About 3% of users remove it
 
Powered by Should I Remove It?

The file vibersetup.exe has been seen being distributed by the following 28 URLs.

&onid=2150&oid=3001-2150_4-75912508&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=chat-voip-email/chat&topicbrcrm=windows software&pid=13323743&mfgid=10123980&merid=10123980&ctype=dm&cval=CBSI&devicetype=desktop&pguid=0903457ec8edab0ad29780a9&viewguid=RK74MTapveIQh4wkIbdVZ6Z@0AvSotTi2Ac4&destUrl=http://software-files-a.cnet.com/s/software/13/32/37/.../ViberSetup.exe

http://www.ranchsignbundle.com/tYh9SKPpFniSSWMqrwYpaOPrybCb2H8WjccG9kE_192Pdox001u Cd10F4UwSPXA92fbyxS8tp55aP3fCNEsx71HSY5wryX6W2nhWXLTsuq 41CnEAtrnX9VvGS5L8 R5AcBRdmE6XZ3nFom_Kr_MS9_2ODR LyrOnm1wxdSCA8Hu6ReUNU=-Ow==

http://www.ranchsignbundle.com/NXxhRgsUeweoA hP_Jkg 73Dp1bt4MP57O6vI8qyMleZbwV8LuWLCUtRTKO1tgfzIbka9SMkcyGsr1CpjhcQICLf0Nsk0aGI225wQLoFLC3buJZZiiG052VLj11tk3Bp6e7hWBxS1YqcsjxQXLRr8n3 DVAsTMRD4a9uFLBd NXBLE50_gE=-Ow==

http://gsf-cf.softonic.com/c64/9a9/.../ViberSetup.exe

http://www.ranchsignbundle.com/c?x=rimp3NKNuu679pTrHQb4xMnkuOGD9FyCnMrGWQ TXDU=&c=0r2Upiwnbw/Kj6iTPXqBsytqWd1SjCHRSieAXc6JotQ/hmw5axaCeGVksavjExOFkmRtImWXIn8KzDV/huiqhqmsKkWgKaIggBsW/ZvjSUeFPjAT/UEUwZDQ7 929jBFusHK881NzFcTT3LDgm24d6f9FEn/.../404

http://www.ranchsignbundle.com/c?x=YypfoQ/Rq tx3mIwzVbKW8II SIVk6HATV6c1/2F0lE=&c=psPJJm3GaRW0HkYmc75yj0jH3ppOuLORxMr/qgcTvJsGbOtVXONW9xi7 pWmqhGBUnaiIhv5I9Hq/Vdo59g5WhClSeAyj7DjWhj8Y1sERbQIQBJSMe46XGCMinxCCOT93nm /.../404

temp:vibersetup.exe

http://download.cdn.viber.com/desktop/.../ViberSetup.exe

http://www.ranchsignbundle.com/WVl6OTRQVlJuV1RsV2RsWlNUa3RFVEZaVlEyOWxKVEpDTnlVeVFqYzBSVlpwVFZoNGVEZENkR1JLVDAxcldDVXlRbEF6YVRnbE0wUW1ZejFTVlhwTFNVaHNhbWhSVkU5WFRTVXlRbXgwVTBzNGNGTXllRUpyV1ZNbE1rWm9WMU5JU3pVNFpuRjRUMWQzY0dreFUzQk5iMGMwVFRaM04ydGhNWEZzYVd4NVFtMTJkakl5VmtnMk5scExaalV5ZVZCcldHRk5VM2Q1TmlVeVJrdHFiVVF3YjBwTFJGWmpNbWhDVEZaUk9HZHFZakZ3VFVSdmRHMTJkVk53ZURkemMyZElTQ1ptWVd4c1ltRmphMTkxY213OVptbHNaWHB2YjIxekxtTnZiU1V5UmpRd05BPT0=

http://gsf-cf.softonic.com//61b/d13/.../file?id_file=69660283&channel=WEB_SD&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=1&Expires=1407197073&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=SzJ4wSctVrBbUSY-aHrwHxc04bObepvbsMgXnt2b42UpMTTepIxX5uXrrMotb-XIMRNFq9QAfZKyajDwFgRmmzY6spHcC3nkv7HTlTNvPcA8XXnEXfA0DNvnW1VzuvCfgfgkqe10Xsis4Pd0r5~M1DiuW6znb6hj9Ysfor-x5Oo_&filename=ViberSetup.exe

http://www.ranchsignbundle.com/c?x=YPxelCPn4axnIblMgZtqoia FlzXxsyau7kdtDwZS5w=&c=M1baIJcOofbdYxCftfHaupzLQcqGGrkDesfCkRe3IREdc89KaYNkVkQ8MzOgJW4pea5bEspchoxNuZQVZq3d6hDHy1l8ug34/.../404

http://www.ranchsignbundle.com/WVl6OTRQVWgzVTFSdVdGcEtZazhsTWtKTFdFOUJPVzVYVFVwNVRHMUJlalJ5UnpKd2VGRWxNa0pLYUV4NVIzSXlaMjFKSlRORUptTTlkRXRzTmtOVGFGVmtaVFZEUjJWNlMwVm5ZV3R1UkdkR2VuRmFjbU5xTjFORk4wWldjMnhtTXpjMlJUazBSRWhEY0dNemVEVkdTWGc0ZFd0eVZWbFhRbk5rZGpjeVdYQlNjME4xY0RNbE1rSXdNU1V5Um5reWIyZGFNaVV5UWxsSFRGSkJlVmszYm1NbE1rWTBZbm93TjFoQmQwRWxNa1owZG5oQllXUm5lVk5pVUVGcVRUbElhVWhPSm1aaGJHeGlZV05yWDNWeWJEMW1hV3hsZW05dmJYTXVZMjl0SlRKR05EQTA=

http://www.file-upload.cc/cgi-bin/dl.cgi/.../ViberSetup.exe

http://i.softplanet.com/.../Viber311.exe

http://files.downloadnow.com/s/software/13/32/37/.../ViberSetup.exe

https://bl2drxravm03.ra.live.com/RemoteAccess/v1/Consumer/.../ViberSetup.exe

http://software-files-a.cnet.com/s/software/13/32/37/.../ViberSetup.exe

http://download1345.mediafire.com/4k7tbvvfdnjg/.../ViberSetup.exe

http://www.commentcamarche.net/download/.../telecharger-34098241-viber

http://www.topmessengers.net/.../download

http://dl.aviny.com/download/software/internet/messenger/.../Viber-for-Windows-v3.1.1.exe

http://viber-for-windows.hu.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-enKGQn52lkZc=

http://www.techtudo.com.br/_/software/.../download

http://dl.filehorse.com/win/messaging-and-chat/.../Viber-for-Windows-3.1.1.exe

http://viber-for-windows.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-enKKQoJyflJo=

http://download.cdn.viber.com/cdn/desktop/.../ViberSetup.exe

http://szoftverhotel.hu/.../viber_3.1.1.exe

http://download.viber.com/desktop/.../ViberSetup.exe

Scan vibersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.