» limewiresetup.exe
Overview
Analysis
File Details
Downloads (1)

limewiresetup.exe

Pinball Corporation.

This is a component for the Pinball ad-supported platform which may deliver advertisemenst to the web browser in the form of banner and text ads. The application limewiresetup.exe by Pinball has been detected as adware by 30 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from origin-ics.hotbar.com.

File name:

limewiresetup.exe

Publisher:

Pinball Corporation. (signed and verified)

Description:

Installer

Version:

2.0.142.0

MD5:

3354b72c18cfbb9b032e705876a2ce82

SHA-1:

09104e9f52a44c0db420ea6c6000eba86c25cb1b

SHA-256:

72cdbb732a3267c46107d14d7114f32464878175dd8e4d846eada81b3a234b21

Scanner detections:

30 / 68

Status:

Adware

Analysis date:

2/25/2025 7:38:31 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Adware/Win32.Hotbar

2011.11.29

Avira AntiVirus

ADSPY/AdSpy.Gen2

7.11.18.123

avast!

Win32:HotBar-AZ [PUP]

2014.9-150602

AVG

Zango

2016.0.3091

Bitdefender

Gen:Variant.Adware.HotBar.4

1.0.20.765

Clam AntiVirus

Suspect.W32.AdInstall.PBCXP

0.98/18155

Comodo Security

UnclassifiedMalware

10793

Dr.Web

Adware.Zango.178

9.0.1.0153

Emsisoft Anti-Malware

Riskware.WebToolbar.Win32.Zango!IK

8.15.06.02.01

ESET NOD32

Win32/Adware.HotBar (variant)

9.6668

Fortinet FortiGate

Adware/PlatriumSA

6/2/2015

F-Prot

W32/HotBar.K.gen

v6.4.6.5.141

F-Secure

Gen:Variant.Adware.HotBar.4

11.2015-02-06_3

G Data

Gen:Variant.Adware.HotBar

15.6.22.290/22.541

IKARUS anti.virus

not-a-virus:WebToolbar.Win32.Zango

t3scan.1.1.109.0

K7 AntiVirus

Adware

13.115563

Kaspersky

not-a-virus:WebToolbar.Win32.Zango

14.0.0.1950

Malwarebytes

Adware.Hotbar

v2015.07.28.02

McAfee

Artemis!3354B72C18CF

5600.6747

Microsoft Security Essentials

Adware:Win32/Hotbar

1.163.1557.0

Norman

W32/180Solutions.BPZ

11.20150602

nProtect

Gen:Variant.Adware.HotBar.4

11.11.29.01

Quick Heal

Win32.Adware.ZangoSearchAssistant.3.Pack

6.15.12.00

Reason Heuristics

PUP.Pinball.Installer

15.6.1.21

Sophos

ClickPotato Installer

4.71

SUPERAntiSpyware

Adware.Agent/Gen-Zango

9839

Trend Micro House Call

HeurSpy_Zango-3

7.2.153

Trend Micro

HeurSpy_Zango-3

10.465.02

Vba32 AntiVirus

AdWare.HotBar.dh

3.12.16.4

VIPRE Antivirus

Pinball Corporation.

11175

File size:

189.3 KB (193,816 bytes)

Product version:

2.0.142.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\limewiresetup.exe

Digital Signature

Signed by:

Pinball Corporation.

Authority:

VeriSign, Inc.

Valid from:

5/18/2009 8:00:00 PM

Valid to:

5/19/2011 7:59:59 PM

Subject:

CN=Pinball Corporation., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Pinball Corporation., L=Bellevue, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4FEAB55730A755A456FE6C18A4791C1A

File PE Metadata

Compilation timestamp:

7/7/2010 5:42:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:xzkZNPrY53qmE+LojlnFZYIFOqFmfxV5IMXTbqC:xIZ9vjl74qFyH9bqC

Entry address:

0x7DA50

Entry point:

60, BE, 00, 20, 45, 00, 8D, BE, 00, F0, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.8815

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

176 KB (180,224 bytes)

The file limewiresetup.exe has been seen being distributed by the following URL.

http://origin-ics.hotbar.com/IC/GPLHBLite11_Limewire/4005/.../LimewireSetup.exe

Remove limewiresetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.