xvidsetup.exe

appbundler.com

This is a component for the Pinball ad-supported platform which may deliver advertisements to the web browser in the form of banner and text ads. The application xvidsetup.exe by appbundler.com has been detected as adware by 34 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
appbundler.com  (signed and verified)

Description:
Setup

Version:
3.0.113.1

MD5:
bc171e0d8ab1fbd7ff74282881e02e42

SHA-1:
e4f6e284b901b1834ce7696681b2ec84ae2a2db1

SHA-256:
8e9463d8b9f42f20e580d5e59f2fa409a7f6190378e1f9213d5dfe05d471aa8b

Scanner detections:
34 / 68

Status:
Adware

Analysis date:
4/26/2024 3:32:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.380224 | 980 |
| Agnitum Outpost | PUA.GOffer | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.ScreenSaver | 2014.05.31 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| avast! | Win32:Zango-AQ [PUP] | 140529-0 |
| AVG | Adware Skodna.Generic_r.EI | 2014.0.3955 |
| Bitdefender | Adware.Generic.380224 | 1.0.20.755 |
| Clam AntiVirus | WIN.Adware.Screensaver-7 | 0.98/19042 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.ScreenSaver.DI | 18384 |
| Dr.Web | Adware.Hotbar.700 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Generic.380224 | 8.14.05.31.03 |
| ESET NOD32 | Win32/Adware.HotBar.P application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Hotbar | 5/31/2014 |
| F-Prot | W32/HotBar.O.gen | 4.6.5.141 |
| F-Secure | Adware.Generic.380224 | 11.2014-31-05_7 |
| G Data | Adware.Generic.380224 | 14.5.24 |
| IKARUS anti.virus | AdWare.ScreenSaver | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.178.12257 |
| Kaspersky | not-a-virus:AdWare.Win32.ScreenSaver | 14.0.0.3784 |
| Malwarebytes | Adware.AdBundle | v2014.05.31.03 |
| McAfee | Adware-HotBar.d | 5600.7114 |
| Microsoft Security Essentials | Threat.Undefined | 1.175.592.0 |
| MicroWorld eScan | Adware.Generic.380224 | 15.0.0.453 |
| NANO AntiVirus | Trojan.Win32.Click2.brloqf | 0.28.0.59921 |
| Norman | 180Solutions.BSE | 11.20140531 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | Adware.Hotbar.B5 | 5.14.14.00 |
| Reason Heuristics | PUP.Installer.appbundler.J | 14.8.7.21 |
| Rising Antivirus | PE:Adware.HotBar!1.6AAD | 23.00.65.14529 |
| Sophos | Generic PUA DA | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-HotBar | 10573 |
| Total Defense | Win32/Zango.Pinball.B[HOTBAR] | 37.0.10969 |
| Vba32 AntiVirus | AdWare.ScreenSaver | 3.12.26.0 |
| VIPRE Antivirus | Threat.4672643 | 29732 |

File size:
338.2 KB (346,288 bytes)

Product version:
3.0.113.1

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\xvidsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/10/2012 1:00:00 PM

Valid to:
1/10/2015 12:59:59 PM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E277DA6E659BFE14CD01F5A2AA95C5

File PE Metadata
Compilation timestamp:
12/20/2012 6:23:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:aA5wVdCy6wrbDY0rDqTWC4zEDzKuTrSbxc97cmo6giJjeNM1Ozmm0az1t95AOzi7:ajyy64VrDqTWIzW+9Ymo6g4jeNM1OKm0

Entry address:
0xBB460

Entry point:
60, BE, 00, A0, 46, 00, 8D, BE, 00, 70, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.8838

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
328 KB (335,872 bytes)
