videoboxsetup-1.6.5.262_srdown.exe

VideoBox

Baidu (China) Co., Ltd.

The application videoboxsetup-1.6.5.262_srdown.exe, “VideoBox's Install Program” by Baidu (China) Co., has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program VideoBox by Baidu, Inc. The file has been seen being downloaded from static.br.hao123.com.
Publisher:
Baidu Online Network Technology (Beijing) Co., Ltd.  (signed by Baidu (China) Co., Ltd.)

Product:
VideoBox

Description:
VideoBox's Install Program

Version:
1.6.5.262

MD5:
5d35ee4f865296abfe7ab31bedddcecf

SHA-1:
beda4818cfb6717800c782e19090ab4cb0e75beb

SHA-256:
5ae9a43bf6c0f5ae375125881c7bd7d467082ce2616b2a50f1c39d3417b8acd4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
5/2/2024 12:28:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.149.142 |
| Dr.Web | DLOADER.Trojan | 9.0.1.0140 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.5.20.11 |

File size:
13.5 MB (14,136,984 bytes)

Product version:
1.6.5.262

Copyright:
Copyright (C) 2000-2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\videoboxsetup-1.6.5.262_srdown.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/22/2012 12:18:27 PM

Valid to:
2/22/2015 12:18:27 PM

Subject:
CN="Baidu (China) Co., Ltd.", O="Baidu (China) Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DF7675AAA08D1B49A83A480F14855D24

File PE Metadata
Compilation timestamp:
12/25/2013 8:01:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:yvvLTSAEALfKaj/rwe9FsTOWjFyz1qaLcXyybx/0ZytgF:ALTSTqHj/5OFOqagXyy3eF

Entry address:
0x31FD

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 9F, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, F8, 2A, 00, 00...
 

Entropy:
7.9903

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file videoboxsetup-1.6.5.262_srdown.exe has been discovered within the following program.

VideoBox by Baidu, Inc.
www.baidu.com
About 3% of users remove it
 

The file videoboxsetup-1.6.5.262_srdown.exe has been seen being distributed by the following URL.
