home

Setup.exe

Vlc Player

2433090 Ontario Ltd

The file Setup.exe by 2433090 Ontario has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser. The file has been seen being downloaded from www.youknowitshd.com and multiple other hosts.
Publisher:
Downloadius  (signed by 2433090 Ontario Ltd)

Product:
Vlc Player

Description:
vlcplayer

Version:
6.1.0.0

MD5:
9673e846377a31016f6b6f9d03132fc6

SHA-1:
981acf70e7c5f37cc14445f11c286a57ccf19baa

SHA-256:
83392854ced93a4668a5e9d5ba5d4b4ca952fdfa9eaf052a929000759e8fe24a

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 7:08:34 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1935474
824

Avira AntiVirus
TR/Rogue.566552
7.11.182.42

Baidu Antivirus
PUA.Win32.Montiera
4.0.3.14112

Bitdefender
Trojan.GenericKD.1935474
1.0.20.1530

Emsisoft Anti-Malware
Trojan.GenericKD.1935474
8.14.11.02.08

ESET NOD32
Win32/Toolbar.Montiera
8.10639

F-Secure
Trojan.GenericKD.1935474
11.2014-02-11_1

G Data
Trojan.GenericKD.1935474
14.11.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.3.0

Malwarebytes
PUP.Optional.Montiera
v2014.11.02.08

McAfee
Artemis!9673E846377A
5600.6958

MicroWorld eScan
Trojan.GenericKD.1935474
15.0.0.918

NANO AntiVirus
Trojan.Win32.Toolbar.dgukom
0.28.6.62995

nProtect
Trojan.GenericKD.1935474
14.10.29.01

File size:
553.3 KB (566,552 bytes)

Product version:
2.0

Copyright:
Downloadius

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
2433090 Ontario Ltd

Authority:
DigiCert Inc

Valid from:
9/10/2014 6:00:00 PM

Valid to:
9/16/2015 6:00:00 AM

Subject:
CN=2433090 Ontario Ltd, O=2433090 Ontario Ltd, L=Richmond Hill, S=Ontario, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
041CC666EA43520E87163DFE1A177B5A

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:mElt6or/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaYC:xlt6owwcfpYcPBSB/igB2WLn/C

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9727

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file Setup.exe has been seen being distributed by the following 3 URLs.

http://www.youknowitshd.com/.../dlcf240d9060577379d44f97e4be12861c5717b2d9.php?aflt=CD3789&cid=3496a435d11bee8eeb435054ebd0bad1

http://www.youknowitshd.com/.../dlbb051006a86545d5ee858e478e080d1823b4f41d.php?aflt=CD3789&cid=df5e416f96d2f308f715e8d792bc4d6e

http://www.youknowitshd.com/.../downloader.php?aflt=CD2378&cid=a2cd57540824138b75635a4bfe05d2b2

Remove Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.