setup.exe

vGrabber

http://vgrabber.org

The application setup.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. During installation, it also installs bundled, potentially unwanted software on the user's computer without adequate consent. The file has been seen being downloaded from www.mynicepicks.com.
Publisher:
http://vgrabber.org

Product:
vGrabber

Description:
vGrabber setup

Version:
1.14

MD5:
6b319b236d7ff60a21e328d108cde41a

SHA-1:
4bfbfb0ab4df567b3105f2eb52179ae1b89f8b0f

SHA-256:
0dc540fb9ebb701405552050596a235c55bd5b5ed663a1d83c9501557eaa699c

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
11/23/2024 11:59:39 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.391462 | 489
Avira AntiVirus | Adware/Zugo.C.2 | 7.11.182.78
avast! | NSIS:Ezula-BC [Adw] | 2014.9-151004
Baidu Antivirus | AdWare.Win32.Bundlore | 4.0.3.15104
Bitdefender | Application.Generic.391462 | 1.0.20.1385
Dr.Web | Trojan.DownLoader7.7108 | 9.0.1.0277
ESET NOD32 | Win32/Adware.Bundlore | 9.10644
Fortinet FortiGate | Riskware/Bundlore | 10/4/2015
F-Secure | Application.Generic.391462 | 11.2015-04-10_1
G Data | Application.Generic.391462 | 15.10.24
Malwarebytes | PUP.BundleInstaller.VG | v2015.10.04.05
McAfee | RDN/Generic PUP.x!dy | 5600.6623
MicroWorld eScan | Application.Generic.391462 | 16.0.0.831
NANO AntiVirus | Riskware.Text.Babylon.cwhyhv | 0.28.6.62995
Reason Heuristics | PUP.VGrabber.Installer.Bundler.Installer.Meta (L) | 15.10.4.5
Sophos | vGrabber | 4.98
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 34366

File size:
373.9 KB (382,880 bytes)

Copyright:
© http://vgrabber.org (vGrabberWR_CODEC_A07_AUTO-Conv_zugo_cond-)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:esLeVIMwiPfsnCFyjh01xSLM+9rPb1qzofO98RrTAcZ4PbmRSkKPeCHBb1jMhe6I:peq+f2Co61wLn31jfO+rZ4PbOspKeVB

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Entropy:
7.9417

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following URL.
