home

zune software.exe

Zune software

The application zune software.exe, “Zune software AppInstaller” has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from www.download366.com a web site host known to distribute potentially unwanted software operated by FIRSERIA, S.L..
Product:
Zune software

Description:
Zune software AppInstaller

Version:
3.0.7.0

MD5:
3a733bd5e2b6e260923eefcdcf3bac7c

SHA-1:
5f2281bf940fc7e6eeaa774ae746bece234abfdd

SHA-256:
96090d4a237df8f2b131cdd4c995a351c1890dead6671598690d3cbf3cfc7dd8

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/24/2024 3:03:58 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
AdInstaller.V
2016.0.3110

Dr.Web
Adware.Downware.1125
9.0.1.0133

ESET NOD32
MSIL/Solimba
9.8409

McAfee
Artemis!3A733BD5E2B6
5600.6766

Sophos
DownloadMR
4.89

Trend Micro House Call
TROJ_GEN.F47V0521
7.2.133

VIPRE Antivirus
DownloadMR
18402

File size:
194.5 KB (199,160 bytes)

Copyright:
AppInstaller 2013 (50d1d9d5-cf90-407c-820a-35e05bc06f2f)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\zune software.exe

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
3072:xX7DItrfaocyTgfsqQOlJnT+CibLkTMcZ6bmPfydB5QSR+qOMsM0jt1Ruhb:xsaocyLCTniboTIbD5QSdOMZqRuR

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.5602

Code size:
34.5 KB (35,328 bytes)

The file zune software.exe has been seen being distributed by the following URL.

http://www.download366.com/zune-software/.../zune-software.exe

Remove zune software.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.