vlcplayersetup_4196167637.exe

Nesino

Secure Software Products

The application vlcplayersetup_4196167637.exe, “Nesino Setup ” by Secure Software Products has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headmetavault.com.
Publisher:
Secure Software Products  (signed and verified)

Product:
Nesino

Description:
Nesino Setup

Version:
1.7.3.5

MD5:
a0f2f59573131b25a6d8743ce0b3ff60

SHA-1:
d71c3ec4b73c2e9fb2446db16a0252d0b04b5123

SHA-256:
b9f9e336d425ab9282de805b233ddd377a89efb6f69efde44ff0bdf14dba0bc7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/23/2024 3:06:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
17.3.16.11

File size:
948.4 KB (971,144 bytes)

Product version:
2.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlcplayersetup_4196167637.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/20/2016 3:59:38 AM

Valid to:
4/20/2017 3:59:38 AM

Subject:
CN=Secure Software Products, O=Secure Software Products, L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
5E7095902F2C0288

File PE Metadata
Compilation timestamp:
6/20/1992 4:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9361

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vlcplayersetup_4196167637.exe has been seen being distributed by the following URL.

http://www.headmetavault.com/i9QySEtVghuYbog2LTSDOvJVW6JItSjwFuf CtzKXTHck8NKb7ag_OmnDqbm7t_FOmiedR 390JFMHgnyGagpD1nzBqCo7yvKlaW7oybWZluGJZr4WxZZ57FnngOEsbA si3uYl4VGhFZblP1VxxZwQzx40aC1gO3d4lVTKwHy8YgY L NmTfGQ9U yQq9XkCj5Sw6zNcqtmTSMFgdTovyMJxQDCyiQIKdehqAxO53p8lwCwiOiEQfFy9Zvs3jr9aNpKPzqR2hJ8QGXYBbjvaFLQP_ipCmDcCf2ws8UnThDd WbtPgWqh0Y4JH_PXVY3wPhICQxr6mJOiwDZrYDUOxaNRlPFSBft4lDgJOCdm CYzvbfuhcMVrQq8brYDjSPJOqfh54aIaXFlEoDEhh6C_bTtn_OKCXeH2eUQBZsU7nrGgp3akzEBZlE9a67zwbxWxdQo1yBMKeZTwCtLPJIhUrFVyav8HHOlryXnVqZTT6xl5Xfsd0U5O58vEdSaZrS7LVOFKpTPqoN ZPcJ lFao679mAH36tUBaXh_w6LAXFV GcL5yHtz7y323kclC0TcHD2BMO5cZav1j_hzbG0tZ4jDnFnl7G9C3 ueAhNxAIVyQConBKQfpo9A3OgDZ7INKeES9QZZ8KFg4zJNw4V9gsyrL5wOxtUuDG1fKKHRe9WoL_mIPKCWn0jaH_ 1g drN3i8bbjqzq_y9FwpEzCp18t1tg5cDYXK0FMl6iNP16Wg5fS_mICcl66RfVw3mL20fmkQto7keh49k5WdUja6lAaYxZgnw==-GzMAAERveF5WyHnxKMlFgQ04cKgnGpCGDTjxCsazxvNoNJG2f_CIPVtOAobRZavgcwA=

Remove vlcplayersetup_4196167637.exe - Powered by Reason Core Security