hdvideoplayer_2161528566.exe

Nesino

Secure Software Products

The application hdvideoplayer_2161528566.exe, “Nesino Setup” by Secure Software Products, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headmetavault.com.

Publisher:
Secure Software Products  (signed and verified)

Product:
Nesino

Description:
Nesino Setup

Version:
1.7.3.5

MD5:
f908e228657d98bdb0c8600471db755a

SHA-1:
a2d902d26f301c2f0a694251dc36126ada5ac061

SHA-256:
8aa40a8cba280803c5075e27960360e187336e2a1464149038bce9c9216a7e03

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 9:32:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.0

File size:
948.4 KB (971,144 bytes)

Product version:
2.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hdvideoplayer_2161528566.exe

Digital Signature

Authority:
GoDaddy.com, Inc.

Valid from:
4/19/2016 11:29:38 PM

Valid to:
4/19/2017 11:29:38 PM

Subject:
CN=Secure Software Products, O=Secure Software Products, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
5E7095902F2C0288

File PE Metadata

Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9361

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hdvideoplayer_2161528566.exe has been seen being distributed from www.headmetavault.com.
