xvidsetup.exe

appbundler.com

This is a component of the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application xvidsetup.exe by appbundler.com has been detected as adware by 36 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from origin-ics.fivemillionfriends.com.
Publisher:
appbundler.com (signed and verified)

Description:
Installer

Version:
2.0.343.0

MD5:
d7b44136b3a6000609f3bc0c03f729a7

SHA-1:
9c688afe90e27454ed4b66451088d0af4e16a789

SHA-256:
efcfdc953b9af5808088c136197b6499a454eb67c3577bb4d80cf0696d2a5330

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
4/26/2024 8:34:30 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Hotbar.1
853

Agnitum Outpost
Adware.Rugo.Gen.5
7.1.1

AhnLab V3 Security
Adware/Win32.Hotbar
2014.10.05

Avira AntiVirus
TR/Graftor.1098
7.11.30.172

avast!
Win32:Zango-AQ [PUP]
141003-0

AVG
Adware Skodna.Generic_r.BM
2014.0.4025

Bitdefender
Gen:Variant.Adware.Hotbar.1
1.0.20.1385

Clam AntiVirus
WIN.Adware.Screensaver-7
0.98/19476

Comodo Security
ApplicUnwnt.Win32.AdWare.ScreenSaver.DI
19699

Dr.Web
Adware.Hotbar.700
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Hotbar
14.10.04

ESET NOD32
Win32/Adware.HotBar.H application
7.0.302.0

Fortinet FortiGate
Riskware/Zango
10/4/2014

F-Prot
W32/HotBar.L.gen
4.6.5.141

F-Secure
Gen:Variant.Adware.Hotbar.1
11.2014-04-10_7

G Data
Gen:Variant.Adware.Hotbar
14.10.24

IKARUS anti.virus
not-a-virus:WebToolbar.Win32
t3scan.1.7.8.0

K7 AntiVirus
Adware
13.183.13584

Kaspersky
not-a-virus:AdWare.Win32.ScreenSaver
15.0.0.494

Malwarebytes
Adware.Hotbar
v2014.10.04.02

McAfee
Adware-HotBar.d
5600.6987

Microsoft Security Essentials
Threat.Undefined
1.185.2231.0

MicroWorld eScan
Gen:Variant.Adware.Hotbar.1
15.0.0.831

NANO AntiVirus
Riskware.Win32.Zango.roqji
0.28.2.62440

Norman
ClickPotato.A
11.20141004

Qihoo 360 Security
Malware.QVM11.Gen
1.0.0.1015

Quick Heal
Adware.Rugo.A
10.14.14.00

Reason Heuristics
PUP.Installer.appbundler.J
14.10.4.13

Rising Antivirus
PE:Trojan.Win32.Downloader.z!1075347135
23.00.65.141002

Sophos
ClickPotato Installer
4.98

Total Defense
Win32/Zango.Pinball.B[HOTBAR]
37.0.11209

Trend Micro House Call
TROJ_AGNT.SMUS17
7.2.277

Trend Micro
TROJ_AGNT.SMUS17
10.465.04

Vba32 AntiVirus
Adware.Hotbar.1
3.12.26.3

VIPRE Antivirus
Threat.4672643
33624

Zillya! Antivirus
Adware.HotBar.Win32.498
2.0.0.1942

File size:
211.7 KB (216,752 bytes)

Product version:
2.0.343.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\xvidsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/21/2010 7:00:00 PM

Valid to:
12/21/2012 6:59:59 PM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05E671753CF9BB1D76A8C55652892720

File PE Metadata
Compilation timestamp:
7/15/2011 11:22:57 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:cpQh9tLA//w9apAOWaSCSDsoQwCXchVzZ:kS9tnsAOWaFxnwCXcHz

Entry address:
0x73A50

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8788

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
200 KB (204,800 bytes)

The file xvidsetup.exe has been seen being distributed by the following URL.

Remove xvidsetup.exe - Powered by Reason Core Security