xvidly_setup.exe

xVidly

Jottix international media G. M (2007) LTD

The application xvidly_setup.exe by Jottix international media G. M (2007) has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. By plugging into the web browser, this extension injects advertisements, both banners and contextual hyperlinks, based on the websites being visited. It can be installed from the program's website, or it may be bundled by third-party software installation programs.
Publisher:
Jottix (signed by Jottix international media G. M (2007) LTD)

Product:
xVidly

Version:
1.0

MD5:
c9842c7a94aa991193cd7945b1a22a49

SHA-1:
cb2d8530cf43836a04dae85a71dbe3371958c0ba

SHA-256:
d9e937650b208344f7291e9211e40828c81d577ec8a4fd5c283aba148a2d6a33

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 10:12:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Adware-AZL [Adw] | 140617-1 |
| AVG | Generic | 2015.0.3400 |
| Dr.Web | Adware.Downware.1402 | 9.0.1.05190 |
| NANO AntiVirus | Riskware.Nsis.Babylon.cwhyhv | 0.28.2.60990 |
| Panda Antivirus | Adware/WebCake | 14.07.27.09 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.JottixinternationalmediaGM2007.M | 14.6.3.8 |
| Sophos | Jottix | 4.98 |
| Trend Micro House Call | TROJ_GE.2A64D34A | 7.2.208 |
| VIPRE Antivirus | Threat.4784450 | 31208 |

File size:
634.4 KB (649,656 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\xvidly_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/22/2012 6:00:00 PM

Valid to:
12/23/2013 5:59:59 PM

Subject:
CN=Jottix international media G. M (2007) LTD, O=Jottix international media G. M (2007) LTD, L=Tel-Aviv -Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
78D22334FC3A8C23C5226A26540F86C6

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:l04zmTK4fo65+X9sJQJTPA3dAMt+h/C+GC07cUzR2:Zz6KxK+Xxkoh/CZRcUA

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.6686

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file xvidly_setup.exe has been seen being distributed by the following URL.
