setup.exe

vGrabber

http://www.vgrabber.com

The application setup.exe, “Save online videos to your PC in a single click!” has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from www.online-video-downloaders.com.
Publisher:
http://www.vgrabber.com

Product:
vGrabber

Description:
Save online videos to your PC in a single click!

Version:
1.14

MD5:
866d047fd75568845046990939528308

SHA-1:
c878b39033d11575938891eb78c327c12d7cb32b

SHA-256:
5d40846f2eb17b3ea61d4ef8b3210862353e27410ca56345ec48a9d66f2c9f2f

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
12/26/2024 4:47:00 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.vGrabber
2013.03.21

Avira AntiVirus
Adware/Zugo.C.1
7.11.65.166

avast!
NSIS:Bundlore-C [Adw]
2014.9-140319

Bitdefender
Adware.Agent.NKT
1.0.20.390

Dr.Web
Adware.Downware.336
9.0.1.078

Emsisoft Anti-Malware
Adware.Win32.Bundlore.AMN
8.14.03.19.03

ESET NOD32
Win32/Adware.Bundlore
8.8142

Fortinet FortiGate
Riskware/Bundlore
3/19/2014

F-Secure
Adware.Agent.NKT
11.2014-19-03_4

G Data
Adware.Agent.NKT
14.3.22

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.4149

Malwarebytes
PUP.BundleInstaller.VG
v2014.03.19.03

McAfee
Generic PUP.x!bft
5600.7187

NANO AntiVirus
Riskware.Nsis.Downware.yrefc
0.22.8.51404

nProtect
Adware.Agent.NKT
13.03.21.04

Panda Antivirus
Generic Malware
14.03.19.03

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.20.2

VIPRE Antivirus
Trojan.Win32.Generic
16190

File size:
303.8 KB (311,108 bytes)

Copyright:
© http://www.vgrabber.com (vGrabber_C93_AUTO_WITHPOST)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Bs8McjID2MEEKm/HkXO+OiXj7g5jWMWEDEygzax2VTaiadEaOPmA6JMOUj:DMc0qGN2DOK7sWMWEDZIVTaiadB6/6Jc

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.8652

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security