qvpsetup.exe

InstallShield

VoiceFive Networks, Inc.

The component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application qvpsetup.exe by VoiceFive Networks has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallShield Setup installer.

Publisher:
InstallShield Software Corporation  (signed by VoiceFive Networks, Inc.)

Product:
InstallShield (R)

Description:
Setup.exe

Version:
10.01.238

MD5:
d5fdfcd9e84e5a5b691b6f8ea236350c

SHA-1:
56d35d09b8914a366a619f46fe5efb302f695f0d

SHA-256:
452f85c020f4a9dce9e7793c2be4b3042f8f769d068530975ccd2ef19d007f8b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/22/2024 11:45:54 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TMRG (M)

Engine version:
16.10.12.10

File size:
1.6 MB (1,658,784 bytes)

Product version:
10.01

Copyright:
Copyright (C) 2004 InstallShield Software Corp.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\qvpsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/12/2012 1:00:00 AM

Valid to:
10/9/2015 12:59:59 AM

Subject:
CN="VoiceFive Networks, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VoiceFive Networks, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DF0080A576090E4868BAC6B0E459122

File PE Metadata
Compilation timestamp:
7/16/2004 6:22:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:BTa5QT08fQK9JaCIFkW4e5SQWR+gjxEFzkd4Ta5QL88TtdNfWTLUwmMrXtt7/7qY:BTaaTftaC2kWXujxAlTayFfg9tV

Entry address:
0xC816

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 50, 21, 41, 00, 8B, F0, 85, F6, 75, 08, 6A, FF, FF, 15, 4C, 21, 41, 00, 8A, 06, 57, 8B, 3D, 80, 22, 41, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 48, 21, 41, 00, F6, 45, E8, 01, 5F, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF...
 

Entropy:
7.8419

Packer / compiler:
InstallShield Custom

Code size:
65 KB (66,560 bytes)
