setup.exe

VLC

INSTALLER TECHNOLOGY CO.

This installer routine uses the Babylon network to include bundled offers of potentially unwanted programs (mostly search adware) such as toolbars and browser extensions. The application setup.exe by INSTALLER TECHNOLOGY CO. has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. During installation, it also installs bundled potentially unwanted software on the user's computer without adequate consent.

Publisher:
Company  (signed by INSTALLER TECHNOLOGY CO.)

Product:
VLC

Description:
VLC Media Player

Version:
1.0.0.0

MD5:
0140a060ea2cf417246d758910c3d36e

SHA-1:
38a539599dd7cf760523a74afd163056ed846b5f

SHA-256:
6630e7a7a8faa749b98158f3fa273163100d01778124a10a15e4654f69ed2a97

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
1/12/2025 12:48:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Adware/Win32.BundleInstaller | 2013.03.18 |
| avast! | NSIS:Techon-U [Adw] | 2014.9-150530 |
| Dr.Web | Adware.Downware.885 | 9.0.1.0150 |
| Emsisoft Anti-Malware | Trojan-Downloader.NSIS.Agent.AMN | 8.15.05.30.12 |
| ESET NOD32 | NSIS/TrojanDownloader.Agent.NMB | 9.8128 |
| G Data | NSIS:Techon-U | 15.5.22 |
| Malwarebytes | PUP.Adware.Bundle | v2015.05.30.12 |
| MicroWorld eScan | NSIS:Ezula-CK [Adw] | 16.0.0.450 |
| Reason Heuristics | PUP.Installer.INSTALLERTECHNOLOGYCO | 15.5.30.12 |
| Trend Micro House Call | TROJ_GEN.F47V0917 | 7.2.150 |

File size:
221.5 KB (226,832 bytes)

Copyright:
Author © 2011

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\launcher\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/7/2011 3:00:00 AM

Valid to:
10/7/2012 2:59:59 AM

Subject:
CN=INSTALLER TECHNOLOGY CO., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INSTALLER TECHNOLOGY CO., L=Miami, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
60CCE00F103A5A6CAADCA436795FA565

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:XgXdZt9P6D3XJg845NOODbotfbe2fiezOlAAr7iKi5K3LJMKShsXM1ca2l5GS:Xe34+84OMoBe2ff6l97qU3NMKasXMqYS

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8081

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following URL.
