xvidsetup.exe

appbundler.com

This is a component for the Pinball ad-supported platform which may deliver advertisements to the web browser in the form of banner and text ads. The application xvidsetup.exe by appbundler.com has been detected as adware by 36 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
appbundler.com  (signed and verified)

Description:
Setup

Version:
3.0.113.3

MD5:
0bc280bcfeaa01c1d4d8f0fef4632f11

SHA-1:
9e49a8ae0cc5639bfc0fb8dc75f25eb850934c2e

SHA-256:
7103f442ae2fca404d5feece08ead3a56c4235226dcd86757d3edf3b321c75f3

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
4/26/2024 3:55:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Hotbar.14 | 5588064 |
| Agnitum Outpost | PUA.ScreenSaver | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.ScreenSaver | 2015.05.30 |
| Avira AntiVirus | ADWARE/Hotbar.aok | 8.3.1.6 |
| avast! | Win32:Zango-AQ [PUP] | 150525-2 |
| AVG | Adware Skodna.Generic_r.EI | 2014.0.4311 |
| Bitdefender | Gen:Variant.Adware.Hotbar.14 | 1.0.20.750 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.ScreenSaver.DI | 22274 |
| Dr.Web | Adware.Hotbar.700 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Hotbar.14 | 10.0.0.5366 |
| ESET NOD32 | Win32/AdWare.HotBar.U application | 7.0.302.0 |
| Fortinet FortiGate | W32/Generic.AC.2130950 | 5/30/2015 |
| F-Prot | W32/HotBar.O.gen | 4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Hotbar | 5.14.151 |
| G Data | Gen:Variant.Adware.Hotbar.14 | 15.5.25 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32 | t3scan.1.9.2.0 |
| K7 AntiVirus | Adware | 13.204.16076 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.ScreenSaver | 14.0.0.1964 |
| Malwarebytes | Adware.AdBundle | v2015.05.30.03 |
| McAfee | Program.Adware-HotBar.d | 17.6.569.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.199.824.0 |
| MicroWorld eScan | Gen:Variant.Adware.Hotbar.14 | 16.0.0.450 |
| NANO AntiVirus | Trojan.Win32.Click2.bxnutx | 0.30.24.1636 |
| Norman | Gen:Variant.Adware.Hotbar.14 | 03.12.2014 13:20:04 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | Adware.Hotbar.B5 | 5.15.14.00 |
| Reason Heuristics | PUP.Pinball.Installer | 15.5.30.3 |
| Rising Antivirus | PE:Adware.HotBar!1.6AAD | 23.00.65.15528 |
| Sophos | PUA 'Hotbar' (of type Adware) | 5.14 |
| Total Defense | Win32/Zango.Pinball.B[HOTBAR] | 37.1.62.1 |
| Trend Micro House Call | Possible_HOTBAR.UNP | 7.2.150 |
| Trend Micro | Possible_HOTBAR.UNP | 10.465.30 |
| Vba32 AntiVirus | AdWare.ScreenSaver | 3.12.26.4 |
| VIPRE Antivirus | Threat.4672643 | 40552 |
| Zillya! Antivirus | Adware.HotBar.Win32.1102 | 2.0.0.2196 |

File size:
341.7 KB (349,872 bytes)

Product version:
3.0.113.3

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\xvidsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/9/2012 8:00:00 PM

Valid to:
1/9/2015 7:59:59 PM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E277DA6E659BFE14CD01F5A2AA95C5

File PE Metadata
Compilation timestamp:
2/22/2013 1:21:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:CfZ/nwzIhoZib9i0ju9BKVoEZUWJoz0a68W5RMPMQ6xzhQDZIr0lXh:CfpPOZiBiq3zxJoz0DDMPGxVWar0lXh

Entry address:
0xBC2E0

Entry point:
60, BE, 00, A0, 46, 00, 8D, BE, 00, 70, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8835

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
332 KB (339,968 bytes)
