Setup.exe

Vlc Player

2433090 Ontario Ltd

The file Setup.exe by 2433090 Ontario has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from www.youknowitshd.com and multiple other hosts.
Publisher:
Downloadius  (signed by 2433090 Ontario Ltd)

Product:
Vlc Player

Description:
vlcplayer

Version:
6.1.0.0

MD5:
9673e846377a31016f6b6f9d03132fc6

SHA-1:
981acf70e7c5f37cc14445f11c286a57ccf19baa

SHA-256:
83392854ced93a4668a5e9d5ba5d4b4ca952fdfa9eaf052a929000759e8fe24a

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:32:29 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1935474 | 824
Avira AntiVirus | TR/Rogue.566552 | 7.11.182.42
Baidu Antivirus | PUA.Win32.Montiera | 4.0.3.14112
Bitdefender | Trojan.GenericKD.1935474 | 1.0.20.1530
Emsisoft Anti-Malware | Trojan.GenericKD.1935474 | 8.14.11.02.08
ESET NOD32 | Win32/Toolbar.Montiera | 8.10639
F-Secure | Trojan.GenericKD.1935474 | 11.2014-02-11_1
G Data | Trojan.GenericKD.1935474 | 14.11.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.3.0
Malwarebytes | PUP.Optional.Montiera | v2014.11.02.08
McAfee | Artemis!9673E846377A | 5600.6958
MicroWorld eScan | Trojan.GenericKD.1935474 | 15.0.0.918
NANO AntiVirus | Trojan.Win32.Toolbar.dgukom | 0.28.6.62995
nProtect | Trojan.GenericKD.1935474 | 14.10.29.01

File size:
553.3 KB (566,552 bytes)

Product version:
2.0

Copyright:
Downloadius

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
9/10/2014 6:00:00 PM

Valid to:
9/16/2015 6:00:00 AM

Subject:
CN=2433090 Ontario Ltd, O=2433090 Ontario Ltd, L=Richmond Hill, S=Ontario, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
041CC666EA43520E87163DFE1A177B5A

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:mElt6or/+Zvwc4Ht+pY9nWW6NPBSBdZchgB9goPis/LnaYC:xlt6owwcfpYcPBSB/igB2WLn/C

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9727

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file Setup.exe has been seen being distributed by the following 3 URLs.

http://www.youknowitshd.com/.../dlcf240d9060577379d44f97e4be12861c5717b2d9.php?aflt=CD3789&cid=3496a435d11bee8eeb435054ebd0bad1

Remove Setup.exe - Powered by Reason Core Security