setup_premium_hdtv2.exe

GENCO LABS LLC

The application setup_premium_hdtv2.exe by GENCO LABS has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from getgsafe.me.
Publisher:
GENCO LABS LLC  (signed and verified)

MD5:
4806d862a6c3ca33cf5548ccbe912e92

SHA-1:
c66e5d963a245d644be65b92ab39b231f54039ed

SHA-256:
923f0689f4513b061240f3d39c095b8e955282840be430f6f899dad3bf4c1e25

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
1/12/2025 10:10:36 AM UTC

Scan engine             Detection                       Engine version
Lavasoft Ad-Aware       Trojan.Generic.12366387         637
avast!                  Win32:Malware-gen               2014.9-150508
Bitdefender             Trojan.Generic.12366387         1.0.20.640
Emsisoft Anti-Malware   Trojan.Generic.12366387         8.15.05.08.03
F-Prot                  W32/A-07794f8f                  v6.4.7.1.166
F-Secure                Trojan.Generic.12366387         11.2015-08-05_6
G Data                  Trojan.Generic.12366387         15.5.24
IKARUS anti.virus       Trojan.SuspectCRC               t3scan.1.8.5.0
McAfee                  Artemis!4806D862A6C3            5600.6771
MicroWorld eScan        Trojan.Generic.12366387         16.0.0.384
NANO AntiVirus          Trojan.Win32.Triosir.dgibtv     0.28.6.64267
Qihoo 360 Security      Malware.QVM31.Gen               1.0.0.1015
Reason Heuristics       Threat.BR Software.Installer    15.5.8.11
Trend Micro House Call  Suspicious_GEN.F47V1216         7.2.128

File size:
1.7 MB (1,744,656 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup_premium_hdtv2.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/16/2014 12:57:03 PM

Valid to:
10/20/2015 10:14:36 PM

Subject:
CN=GENCO LABS LLC, O=GENCO LABS LLC, L=Lewes, S=Delaware, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
046D11ECA38AA4

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:qlZOkvDKavuSPtDKWO1csOEUV8niEk5LAxYzLY:NkvDOSNraJUdEkqxUE

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9971

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup_premium_hdtv2.exe has been seen being distributed by the following URL.

Powered by Reason Core Security