home

webxvid provided through c4dl media.exe

Epsilon Installer

LiveSoftAction SRL

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application webxvid provided through c4dl media.exe by LiveSoftAction SRL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. The file has been seen being downloaded from webxvid.com.
Publisher:
Live Soft Action  (signed by LiveSoftAction SRL)

Product:
Epsilon Installer

Version:
9.18.4.1

MD5:
05d1995cb3251f45deb1515451b744e4

SHA-1:
c80f00adc71f54ccf7278114959d650f9cc380b7

SHA-256:
2b9c7b18bc1077eb65440cd5bce8ae3f7e9dba6d9b9d0fc271e9c47756d815be

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 11:25:48 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien.LiveSoftAction.Bundler (M)
16.2.19.17

File size:
1.1 MB (1,188,952 bytes)

Product version:
9.18.4.1

Copyright:
(c) Live Soft Action. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\webxvid provided through c4dl media.exe

Digital Signature
Signed by:
LiveSoftAction SRL

Authority:
GlobalSign nv-sa

Valid from:
3/3/2015 4:24:08 PM

Valid to:
3/3/2016 4:24:08 PM

Subject:
CN=LiveSoftAction SRL, O=LiveSoftAction SRL, L=Bucuresti, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112115C730891244FB88071FE814148E0E53

File PE Metadata
Compilation timestamp:
4/30/2015 3:07:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:ntHW48UyuXUYWb3ZGQju3Kznv3mFvoZyp0:nt2FhD8ov3mFvoM

Entry address:
0x2E2D10

Entry point:
60, BE, 00, 90, 5D, 00, 8D, BE, 00, 80, E2, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1 MB (1,089,536 bytes)

The file webxvid provided through c4dl media.exe has been seen being distributed by the following URL.

http://webxvid.com/download.php

Remove webxvid provided through c4dl media.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.