virtualdj setup.exe

Gori

Fast Installer (Install Manager Limited)

The application virtualdj setup.exe, “Gori Setup” by Fast Installer (Install Manager Limited), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.todaycapitalbyte.com.
Publisher:
Doc (signed by Fast Installer (Install Manager Limited))

Product:
Gori

Description:
Gori Setup

MD5:
be2736a3ba6268d53bc42624d4ca08d7

SHA-1:
6597c90ae9adb1be6a857ec9600f28569c7bd743

SHA-256:
252c9ff202aa114f45d002c38d05af65322b6ed75ed3f8f083c27f58fed171e3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/29/2024 4:40:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.Installer (M)

Engine version:
17.3.12.11

File size:
1.2 MB (1,231,192 bytes)

Product version:
3.1.1

Copyright:
Installer Stub

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\virtualdj setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/29/2015 5:00:00 PM

Valid to:
11/29/2016 4:59:59 PM

Subject:
CN=Fast Installer (Install Manager Limited), O=Fast Installer (Install Manager Limited), STREET="Level 27, Pwc Tower, 188 Quay Street", L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B22473FAF501DC1F0A089DA6F97DCB9

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.8948

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file virtualdj setup.exe has been seen being distributed by the following URL.

http://www.todaycapitalbyte.com/bztw6A7tFcuesYmzkd0UAx3EdPnfIjxQhlZCizF8v0N6KOpA0vJ0zRcqlNYOqis2P3QYxt_9zmT4iooIx7Zel0se8jof40Wg5eXf0tDrCGEz5RKfneoV pxQAvIWlURV9fURUIsumbjV7Ng1hjcCKAE12HzWCqh745bEWFDoxNGc MR3NLA8GEmJvfPaFZUwCSxcjWjFCT369nY6jfemF P466Nw8g==-G0YAAES3eX4z8sjvE6mggkBQChxy4HYLqKgtQAk2xs4VDKwr05NIMDaz_RACPfNJFUl_4hlHvesTFFRughsb

Remove virtualdj setup.exe - Powered by Reason Core Security