home

vio_player_setup.exe

VIO Installer

SHLEMOON MEDIA INC

The application vio_player_setup.exe by SHLEMOON MEDIA INC has been detected as adware by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from d30p0qtruhwpvm.cloudfront.net.
Publisher:
VIO  (signed by SHLEMOON MEDIA INC)

Product:
VIO Installer

Version:
1.0.0.0

MD5:
d53788ec80f052ebf146785c9583c522

SHA-1:
83b2cbb0cb53fdee49dd40394e4188fa165ebd22

SHA-256:
5c85fcaa4c0ccf297f7c565208ad1eb13d79f524a9f8334708851ea17138b0d8

Scanner detections:
9 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
4/27/2024 3:08:23 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
2014.9-131224

AVG
Generic5
2014.0.3615

Comodo Security
UnclassifiedMalware
16802

ESET NOD32
Win32/Adware.Moonshle (variant)
7.8712

Malwarebytes
PUP.BundleInstaller.VIO
v2013.12.24.09

MicroWorld eScan
Win32:PUP-gen [PUP]
14.0.0.1074

Reason Heuristics
PUP.Installer.SHLEMOONMEDIAINC.Q
14.9.27.16

SUPERAntiSpyware
Trojan.Agent/Gen-Moonshle
10887

VIPRE Antivirus
Trojan.Win32.Generic
20742

File size:
147.8 KB (151,392 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vio_player_setup.exe

Digital Signature
Signed by:
SHLEMOON MEDIA INC

Authority:
DigiCert Inc

Valid from:
8/1/2012 1:00:00 AM

Valid to:
8/5/2013 1:00:00 PM

Subject:
CN=SHLEMOON MEDIA INC, O=SHLEMOON MEDIA INC, L=Woodbridge, S=Ontario, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E1ECFCEDFD4F35E855B5265BB6A4704

File PE Metadata
Compilation timestamp:
9/11/2012 9:12:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:cwZNXe34BmW6RqELxxsnzn8AGT+V+j4eeJy/RkbniVK/6MxPa+1NQD9gUHOM5qrg:TXe3FW65WnrGiV+0KkrPT1+a5M1cg

Entry address:
0x662A

Entry point:
E8, 5D, 5B, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00, 01...
 
[+]

Code size:
71 KB (72,704 bytes)

The file vio_player_setup.exe has been seen being distributed by the following URL.

http://d30p0qtruhwpvm.cloudfront.net/.../Vio_Player_Setup.exe

Remove vio_player_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.