Setup.exe

vId play

The file Setup.exe by vId play has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
vId play  (signed and verified)

MD5:
891397df810a129f6d47d44d98a288a9

SHA-1:
9218a401cb89894de3f951e0faedf456e72e3cda

SHA-256:
a786aeecfa0f3f8da6ca15ac7b60c4f56e181b9a1f51dd6b285f74fe7e7d1cd4

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/6/2024 11:26:34 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Outbrowse.1 | 5579643 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.16 |
| Avira AntiVirus | PUA/Outbrowse.Gen | 8.3.1.6 |
| avast! | OutBrowse-IM [PUP] | 150414-0 |
| AVG | Potentially harmful program Downloader.DIN | 2014.0.4311 |
| Bitdefender | Application.Bundler.Outbrowse.BA | 1.0.20.680 |
| Comodo Security | Application.Win32.AltBrowse.HY | 22136 |
| Dr.Web | Trojan.OutBrowse.92 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Outbrowse.BA | 10.0.0.5366 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 5/16/2015 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-16-05_7 |
| G Data | Application.Bundler.Outbrowse.BA | 15.5.25 |
| K7 AntiVirus | Trojan | 13.204.15932 |
| Malwarebytes | PUP.Optional.OutBrowse.gen | v2015.05.16.10 |
| McAfee | Adware-OutBrowse.e | 5600.6764 |
| MicroWorld eScan | Application.Bundler.Outbrowse.BA | 16.0.0.408 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dnkyzt | 0.30.24.1357 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 5.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Installer.Outborwse | 15.5.16.6 |
| Trend Micro House Call | Suspici.B3BC0FA9 | 7.2.136 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.4 |
| VIPRE Antivirus | Threat.4823950 | 39486 |

File size:
582.4 KB (596,400 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/27/2015 6:00:00 PM

Valid to:
12/17/2015 5:59:59 PM

Subject:
CN=vId play, O=vId play, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7EBEFABABE4FF6ED9A2375F072C4A7DD

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:jlxfoTqhek3+zRoh5Z8zA8dhY+WIfGObcwJP0cdDjY/Xrf:jnDhRqRiozldWifGObc882c

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9705

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
