Setup.exe

YUVIDEO Converter

Search Safer Inc.

The file Setup.exe by Search Safer has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from tiny.cc.
Publisher:
yuvideo.com  (signed by Search Safer Inc.)

Product:
YUVIDEO Converter

Description:
YUVIDEO setup

Version:
1.1

MD5:
225550dd2f9c312f73e6ed0e1647e9c0

SHA-1:
8f130bf05c1bd4e883c5aafe5448c94b71647c2b

SHA-256:
3c5ef3c888e7c89db2d8b1bbe4d9039fb37163554e281f230b8fc9d2a1a8d911

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/26/2024 12:59:35 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Reason Heuristics | PUP.SearchSafer.Installer (M) | 15.8.16.19 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Search Safer | 42562 |

File size:
241.9 KB (247,736 bytes)

Copyright:
© yuvideo.com (YUVIDEO_BL_Standard_SEARCHPROTECT)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/28/2014 8:00:00 PM

Valid to:
2/10/2016 7:00:00 AM

Subject:
CN=Search Safer Inc., O=Search Safer Inc., L=San Francisco, S=California, C=US, PostalCode=94107, STREET=665 3rd st, STREET=suite 150, SERIALNUMBER=5189473, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08ACAD842A099F9B8EBC1FDD70D3DABB

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:gSR+byRYx1LiSquHyFIMBGsUNDlWWeGvHRphTRlIU:iOu1u4HiIUGsCDl5emflf

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.8817

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following URL.

http://tiny.cc/yuvideodownloadbutton
