Setup.exe

vId play

The file Setup.exe by vId play has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
vId play  (signed and verified)

MD5:
4d51d045414eefb27054edd3c131666e

SHA-1:
8764c959ac34e2073c37311adc27d99315dc07f3

SHA-256:
53d0515e00efecda400bd7c44e21923b9a6e2fece0661df5318884b568ec9435

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/27/2024 8:11:43 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.02.03

Avira AntiVirus
APPL/Downloader.Gen
7.11.206.144

AVG
Downloader
2016.0.3102

Baidu Antivirus
PUA.Win32.OutBrowse
4.0.3.15521

Dr.Web
Trojan.OutBrowse.88
9.0.1.0141

ESET NOD32
Win32/OutBrowse.BS potentially unwanted (variant)
9.11112

Fortinet FortiGate
Riskware/OutBrowse
5/21/2015

K7 AntiVirus
DoS-Trojan
13.193.14838

Malwarebytes
PUP.Optional.OutBrowse.gen
v2015.05.21.11

McAfee
Artemis!4D51D045414E
5600.6758

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Outbrowse.Installer.Outborwse
15.5.21.23

Sophos
Generic PUA IH
4.98

Trend Micro House Call
TROJ_GEN.R02SH06B115
7.2.141

File size:
582.4 KB (596,408 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/27/2015 7:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=vId play, O=vId play, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EBEFABABE4FF6ED9A2375F072C4A7DD

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QRxfoTqhek3+zRoh5Z8zA8dhY+WIfGObcwJP0cdDjY/XrT:QrDhRqRiozldWifGObc8822

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9705

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove Setup.exe - Powered by Reason Core Security