» xvidsetup.exe
Overview
Analysis
File Details
Downloads (1)

xvidsetup.exe

appbundler.com

This is a component for the Pinball ad-supported platform which may deliver advertisemenst to the web browser in the form of banner and text ads. The application xvidsetup.exe by appbundler.com has been detected as adware by 25 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from origin-ics.fivemillionfriends.com.

File name:

xvidsetup.exe

Publisher:

appbundler.com (signed and verified)

Description:

Installer

Version:

2.0.394.0

MD5:

0173dd5d13c720571748ffbc2d034771

SHA-1:

f87fd0ffdd4263498432f616ac2558c0a337c247

Scanner detections:

25 / 68

Status:

Adware

Analysis date:

4/24/2024 2:17:48 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Adware/Win32.Hotbar

2012.01.27

Avira AntiVirus

TR/Spy.Gen4

7.11.21.190

avast!

Win32:Zango-AQ [PUP]

2014.9-151103

AVG

Zango

2016.0.2937

Bitdefender

Gen:Variant.Adware.Hotbar.2

1.0.20.1535

Comodo Security

ApplicUnwnt.Win32.AdWare.Hotbar.K

11361

Dr.Web

Adware.Hotbar.700

9.0.1.0307

Emsisoft Anti-Malware

Riskware.WebToolbar.Win32.Zango!IK

8.15.11.03.10

ESET NOD32

Win32/Adware.HotBar (variant)

9.6830

Fortinet FortiGate

Misc/Zango

11/3/2015

F-Prot

W32/HotBar.L.gen

v6.4.6.5.141

F-Secure

Gen:Variant.Adware.Hotbar.2

11.2015-03-11_3

G Data

Gen:Variant.Adware.Hotbar

15.11.22

IKARUS anti.virus

not-a-virus:WebToolbar.Win32.Zango

t3scan.1.1.113.0

K7 AntiVirus

Adware

13.126.6027

Kaspersky

not-a-virus:AdWare.Win32.ScreenSaver

14.0.0.1178

McAfee

Adware-HotBar.d

5600.6593

Microsoft Security Essentials

Adware:Win32/Hotbar

1.163.1557.0

Norman

W32/ClickPotato.B

11.20151103

Quick Heal

Adware.Rugo.A

11.15.12.00

Reason Heuristics

PUP.Pinball.appbundler.Installer (M)

15.11.3.10

Sophos

ClickPotato Installer

4.73

SUPERAntiSpyware

Adware.Agent/Gen-Zango

9530

Vba32 AntiVirus

BScope.Injector.xg

3.12.16.4

VIPRE Antivirus

Pinball Corporation.

11462

File size:

234.2 KB (239,792 bytes)

Product version:

2.0.394.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\xvidsetup.exe

Digital Signature

Signed by:

appbundler.com

Authority:

VeriSign, Inc.

Valid from:

12/21/2010 4:00:00 PM

Valid to:

12/21/2012 3:59:59 PM

Subject:

CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

05E671753CF9BB1D76A8C55652892720

File PE Metadata

Compilation timestamp:

8/19/2011 7:10:54 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:DzWcyVQryDkdP/50WH9JbnaEomNqV5u+stzRVfRa8XIyouUF8BpooqVx++yRNZUm:vWhVMyDkdZ0YCkRVfRaQNqVxZMzUm

Entry address:

0x85590

Entry point:

60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.8845

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

224 KB (229,376 bytes)

The file xvidsetup.exe has been seen being distributed by the following URL.

http://origin-ics.fivemillionfriends.com/IC/GPLAppBundler39/21772/0/.../XvidSetup.exe

Remove xvidsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.