veehd_setup.exe

Thitawan Chotiga

The application veehd_setup.exe by Thitawan Chotiga has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

Publisher:
Thitawan Chotiga (signed and verified)

MD5:
30ef667b6990ddb83aa6665d4a6fbf77

SHA-1:
f995b26991b8a038b27f550883af1650a0ecd650

SHA-256:
7a36b7c9b79a7931bb811c600f3a51cb96df2e976713ed7bb9b44f1f1cc89b52

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
May bundle various unwanted software without adequate user consent.

Analysis date:
12/28/2024 2:12:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.LT | 456 |
| Agnitum Outpost | Riskware.ShimChanger | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 8.3.2.2 |
| Arcabit | Application.Bundler.MC | 1.0.0.582 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151106 |
| AVG | MultiBundle | 2016.0.2934 |
| Bitdefender | Application.Bundler.LT | 1.0.20.1550 |
| Comodo Security | ApplicUnwnt | 23429 |
| ESET NOD32 | NSIS/TrojanDropper.Agent.CB | 9.12421 |
| F-Prot | W32/ShimChanger.A.gen | v6.4.7.1.166 |
| F-Secure | Application.Bundler.MC | 11.2015-06-11_6 |
| G Data | Application.Bundler.LT | 15.11.25 |
| K7 AntiVirus | Riskware | 13.211.17567 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.Generic | 14.0.0.1163 |
| McAfee | Artemis!2686029220FB | 5600.6590 |
| MicroWorld eScan | Application.Bundler.LT | 16.0.0.930 |
| NANO AntiVirus | Trojan.Win32.MLW.dnprfx | 0.30.26.3947 |
| Panda Antivirus | Trj/CI.A | 15.11.06.09 |
| Qihoo 360 Security | Win32/Virus.Adware.47b | 1.0.0.1015 |
| Sophos | Generic PUA GD (PUA) | 4.98 |

File size:
439.2 KB (449,720 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\veehd_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/6/2014 6:00:00 PM

Valid to:
11/7/2015 5:59:59 PM

Subject:
CN=Thitawan Chotiga, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7A7654DFEC619A31A64670C1F113D427

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8EhOJEL8XdA7ud1Hx/ZtSqnBtUYKGRH9G/DBH8Z:9G5dA7GfTSqBtUkH9A+

Entry address:
0x30DE

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 27, 7A, 00, E8, F1, 2B, 00, 00, A3, A4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 68, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, A0, 1E, 7A, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9420

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove veehd_setup.exe - Powered by Reason Core Security