xvidsetup.exe

appbundler.com

This is a component of the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application xvidsetup.exe by appbundler.com has been detected as adware by 32 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from a.televisiontwister.com.

Publisher:
appbundler.com  (signed and verified)

Description:
Setup

Version:
3.0.113.1

MD5:
451e838c540d4404f2a8e019296bd063

SHA-1:
153effcd4a974e850df1fca265a46625a2b41017

SHA-256:
51c0d388bcf7a97c0f213bda574c17f24c6fea31085269b1f61fa246ca752751

Scanner detections:
32 / 68

Status:
Adware

Analysis date:
4/24/2024 1:12:23 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.ScreenSaver
7.1.1

AhnLab V3 Security
Adware/Win32.ScreenSaver
2013.02.21

Avira AntiVirus
TR/Graftor.Elzob.15338.1
7.11.62.32

avast!
Win32:Zango-AQ [PUP]
2014.9-131222

AVG
Generic5
2014.0.3618

Bitdefender
Gen:Variant.Adware.Graftor.30458
1.0.20.1780

Comodo Security
ApplicUnwnt.Win32.AdWare.ScreenSaver.DI
15325

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.30458
8.13.12.22.05

ESET NOD32
Win32/Adware.HotBar (variant)
7.8034

Fortinet FortiGate
Adware/Hotbar
12/22/2013

F-Prot
W32/HotBar.O.gen
v6.4.6.5.141

F-Secure
Gen:Variant.Adware.Graftor.30458
11.2013-22-12_1

G Data
Gen:Variant.Adware.Graftor.30458
13.12.22

IKARUS anti.virus
not-a-virus:AdWare.Win32
t3scan.2.0.0.0

K7 AntiVirus
Adware
13.160.8242

Kaspersky
not-a-virus:AdWare.Win32.ScreenSaver
14.0.0.4584

Malwarebytes
Adware.AdBundle
v2013.12.22.05

McAfee
Adware-HotBar.d
5600.7274

Microsoft Security Essentials
Adware:Win32/Hotbar
1.163.1557.0

MicroWorld eScan
Gen:Variant.Adware.Graftor.30458
14.0.0.1068

NANO AntiVirus
Trojan.Win32.Graftor.bbkjam
0.22.8.50637

Norman
180Solutions.BSE
11.20131222

Quick Heal
Adware.Hotbar.B5
12.13.12.00

Reason Heuristics
PUP.Installer.appbundler.J
14.8.7.21

Rising Antivirus
Adware.Hotbar!481A
23.00.65.131220

Sophos
Mal/Generic-S
4.86

SUPERAntiSpyware
Trojan.Agent/Gen-HotBar
10893

Total Defense
Win32/Zango.Pinball.B[HOTBAR]
37.0.10304

Trend Micro House Call
TROJ_GEN.R47CCBH
7.2.356

Trend Micro
TROJ_GEN.R47CCBH
10.465.22

Vba32 AntiVirus
AdWare.Win32.ScreenSaver.e
3.12.20.2

VIPRE Antivirus
Pinball Corporation.
15660

File size:
339.7 KB (347,824 bytes)

Product version:
3.0.113.1

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\xvidsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/10/2012 1:00:00 AM

Valid to:
1/10/2015 12:59:59 AM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E277DA6E659BFE14CD01F5A2AA95C5

File PE Metadata
Compilation timestamp:
12/19/2012 6:23:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:rdA5wVdCy6wrbDY0rDqTWC4zEDzKuTrSbxc97cXRefkBSHQVK2iC6+I3gHF4f21c:pjyy64VrDqTWIzW+9YIfMSwUP0I3gHwR

Entry address:
0xBCB60

Entry point:
60, BE, 00, B0, 46, 00, 8D, BE, 00, 60, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
328 KB (335,872 bytes)

The file xvidsetup.exe has been seen being distributed by the following URL.
