xwidget_setup184.exe

XWidget

XWidget Software

The application xwidget_setup184.exe, “XWidget Setup”, has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
XWidget Software

Product:
XWidget

Description:
XWidget Setup

Version:
1.84

MD5:
53c5e89f03cb47346b6f60d784810db2

SHA-1:
129a62c98145a183f731254fc6a8ddde73f41b4c

SHA-256:
a30c3cbe8cce2af3835993b67f4169242937a0750b5054ca7efcb7a70d7e3e91

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/24/2024 6:49:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Downware.2013 | 9.0.1.023 |
| ESET NOD32 | Win32/InstallMonetizer.AQ | 8.9311 |
| F-Prot | W32/FakeInstall.A.gen | v6.4.7.1.166 |

File size:
8.2 MB (8,646,986 bytes)

Product version:
1.84

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xwidget_setup184.exe

File PE Metadata
Compilation timestamp:
12/20/2011 10:16:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:gxPLuIoKc5RmQIVs30Vh4FywBsWvAJO62kT9E3QO/TKz:gxK2KNIVLVh4FOqAo6zTcTK

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.9944

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file xwidget_setup184.exe has been seen being distributed by the following 3 URLs.
