qvodsetup3.exe

QvodInstall Module

Shenzhen QVOD Technology Co.,Ltd

The application qvodsetup3.exe by Shenzhen QVOD Technology Co.,Ltd has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been observed being downloaded from dl.qvod.com and multiple other hosts.
Publisher:
Shenzhen QVOD Technology Co.,Ltd  (signed and verified)

Product:
QvodInstall Module

Version:
5, 0, 0, 0

MD5:
567b9cdee718a1273b28fa84cf291d89

SHA-1:
aedec1d479a3e40891b08ef1db7d0acff1c378a9

SHA-256:
87d872e8cd996f7a87b42cf25d1135d795ae9cd9b2c76566e55c95ecd28947fa

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:39:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.Clod5db.Trojan | 1.3.0.4613 |
| Dr.Web | Win32.HLLW.Unjap.10 | 9.0.1.011 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| McAfee | Generic.dx!567B9CDEE718 | 5600.7253 |
| Norman | Killav.AWIG | 11.20140111 |
| SUPERAntiSpyware | Adware.Qvod | 10852 |
| Trend Micro House Call | ADW_AGENT | 7.2.11 |
| Trend Micro | ADW_AGENT | 10.465.11 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
521.4 KB (533,904 bytes)

Product version:
5, 0, 0, 0

Copyright:
Copyright(C) 2006-2011 QVOD

Original file name:
QvodInstall.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/20/2011 8:00:00 AM

Valid to:
7/17/2013 7:59:59 AM

Subject:
CN="Shenzhen QVOD Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shenzhen QVOD Technology Co.,Ltd", L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2CCAC0204E26AFC893F8A3DB73E01C70

File PE Metadata
Compilation timestamp:
9/27/2011 6:28:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:0O3A0yRURmo1jyiZQ1go3ZtNPAFichqWfkgclsl8tSTyU/8ijFr5ROSeTeC6VYTb:zJyRMHRQ1gsTyNhVfeQ+U/Zhg6irfj

Entry address:
0xC7290

Entry point:
60, BE, 00, 10, 46, 00, 8D, BE, 00, 00, FA, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.4991

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
412 KB (421,888 bytes)

Windows Firewall Allowed Program
Name:
D:\檔案區\QvodSetup3.exe


The file qvodsetup3.exe has been observed being distributed from the following 5 URLs.

http://dl.qvod.com/QvodSetup3_yryh.exe

http://dl.qvod.com/QvodSetup3_lskj.exe
