xvidsetup.exe

appbundler.com

This is a component of the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application xvidsetup.exe by appbundler.com has been detected as adware by 34 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from a.juiceknowledge.com.
Publisher:
appbundler.com  (signed and verified)

Description:
Setup

Version:
3.0.105.0

MD5:
a3fb73f61d8ce9bf2f948f42853ab984

SHA-1:
6d07e74190e752d3bf3860ce37e93af93dfda4c1

Scanner detections:
34 / 68

Status:
Adware

Analysis date:
4/20/2024 3:22:29 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.HotBar
7.1.1

AhnLab V3 Security
Adware/Win32.ScreenSaver
14.12.21

Avira AntiVirus
TR/Banach.A
7.11.144.202

avast!
Win32:Zango-AQ [PUP]
2014.9-141221

AVG
Zango
2015.0.3253

Baidu Antivirus
AdWare.Win32.ScreenSaver
4.0.3.141221

Bitdefender
Gen:Variant.Adware.Hotbar.14
1.0.20.1775

Comodo Security
ApplicUnwnt.Win32.AdWare.ScreenSaver.DI
18153

Dr.Web
Adware.Hotbar.700
9.0.1.0355

Emsisoft Anti-Malware
Gen:Variant.Adware.Hotbar.14
8.14.12.21.11

ESET NOD32
Win32/Adware.HotBar (variant)
8.9709

Fortinet FortiGate
Adware/Hotbar
12/21/2014

F-Prot
W32/HotBar.O.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Hotbar.14
11.2014-21-12_1

G Data
Gen:Variant.Adware.Hotbar.14
14.12.24

IKARUS anti.virus
AdWare.SuspectCRC
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.176.11847

Kaspersky
not-a-virus:AdWare.Win32.ScreenSaver
14.0.0.2760

Malwarebytes
Adware.AdBundle
v2014.12.21.11

McAfee
Adware-HotBar.d
5600.6909

Microsoft Security Essentials
Adware:Win32/Hotbar
1.10502

MicroWorld eScan
Gen:Variant.Adware.Hotbar.14
15.0.0.1065

NANO AntiVirus
Trojan.Win32.Click2.vpwkb
0.28.0.59492

Norman
180Solutions.BSE
11.20141221

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Quick Heal
Adware.Hotbar.B5
12.14.12.00

Reason Heuristics
PUP.Installer.appbundler.J
14.12.21.23

Rising Antivirus
PE:Adware.HotBar!1.6AAD
23.00.65.141219

Sophos
Generic PUA LM
4.98

Total Defense
Win32/Zango.Pinball.B[HOTBAR]
37.0.10893

Trend Micro House Call
TSPY_SCREENSAVER_BL132AF9.TOMC
7.2.355

Trend Micro
TSPY_SCREENSAVER_BL132AF9.TOMC
10.465.21

Vba32 AntiVirus
AdWare.ScreenSaver
3.12.26.0

VIPRE Antivirus
Pinball Corporation.
28526

File size:
321.2 KB (328,880 bytes)

Product version:
3.0.105.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\xvidsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/21/2010 4:00:00 PM

Valid to:
12/21/2012 3:59:59 PM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05E671753CF9BB1D76A8C55652892720

File PE Metadata
Compilation timestamp:
9/21/2012 12:47:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:EDQKrk2BsM4e3JUkxJK7Llkc8QxqBz3iw0s9K8sNxSLatLaek3:aLk2B74e3JU3LuaLCK8shxa73

Entry address:
0xB8030

Entry point:
60, BE, 00, B0, 46, 00, 8D, BE, 00, 60, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
Entropy:
7.8866

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
312 KB (319,488 bytes)

The file xvidsetup.exe has been seen being distributed by the following URL.