setup-dvd.exe

Direct Video Downloader

Gürkan Dilmen

The application setup-dvd.exe, “Direct Video Downloader Setup” by Gürkan Dilmen, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from software.thaiware.com and multiple other hosts.
Publisher:
Major Share, MajorShare.com   (signed by Gürkan Dilmen)

Product:
Direct Video Downloader

Description:
Direct Video Downloader Setup

MD5:
e23e7a507ba7e0875bf9f0f6eaacee4e

SHA-1:
4a8e39586be30814483288dee26ba196c1e51547

SHA-256:
38730a6428ec6d773bc4dc0e76ff7fbf1f66d7391cfe508f315f0f290003292c

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:40:17 AM UTC

Scan engine | Detection | Engine version
AVG | Downloader | 2017.0.2842
Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.1626
ESET NOD32 | Win32/Somoto.E potentially unwanted | 10.12763
McAfee | Artemis!359DF5A75684 | 5600.6498
NANO AntiVirus | Trojan.Win32.DarkKomet.dhxpbc | 0.30.24.3283
Qihoo 360 Security | HEUR/QVM06.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Somoto.GurkanDilmen.Installer (M) | 16.2.6.6
VIPRE Antivirus | Trojan.Win32.Generic | 45588

File size:
914.9 KB (936,824 bytes)

Product version:
2.10

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup-dvd.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
7/28/2015 2:30:52 AM

Valid to:
7/28/2017 4:17:07 AM

Subject:
E=rezzmeplz@gmail.com, CN=Gürkan Dilmen, L=Istanbul, S=Istanbul, C=TR

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
1247ABFBCAB73A

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:IQi4D/I+abnod2do8FRw1Kc9tgRlvcAb+Hp:I9U/7aLodyFO1KfReAk

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9779

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file setup-dvd.exe has been seen being distributed by the following 4 URLs.

http://software.thaiware.com/download_url.php?id=8538

http://baixar.freedownloadmanager.org/Windows-PC/.../GRATUITO-2.10.html?ac198d2
