vpsetup.exe

Win

The executable vpsetup.exe has been detected as malware by 10 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from videopad-video-editor.en.softonic.com.
Publisher:
Microsoft*  (Invalid match)

Product:
Win

Version:
1.00

MD5:
8df4d22cdabf8b957a614d1feb983741

SHA-1:
f146a14b9c69a2a76806f2b025961a5f4506e26a

SHA-256:
d3b3e8b8c9befcbf94cf6d04fc24127e6f75edf0a8c6ab9fab0d4316e8f0b1a8

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/6/2024 2:41:33 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160327-1
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Swisyn.ag | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.1755.0
Norman | Win32.Sality.3 | 10.04.2016 15:29:17
VIPRE Antivirus | Threat.4721115 | 48734

File size:
5.2 MB (5,494,804 bytes)

Product version:
1.00

Original file name:
Win.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vpsetup.exe

File PE Metadata
Compilation timestamp:
6/15/2011 3:01:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:Jl0MzwROEcPVpAtC2X9hti03yEnWVQnb7IgD8o7o++UyCIcVIO:JmgwROZPVD2X9ht9iVQnb7IgD8bSPd

Entry address:
0x3670

Entry point:
8D, 05, BB, 57, 91, CA, C6, C4, 64, 69, F0, 4C, DA, 36, 58, F6, C6, 04, F7, C0, EF, 4C, C2, 2F, 0F, AF, F1, 81, EE, AC, 89, CE, 32, 69, EB, C5, 82, 99, 50, 84, C7, F2, F2, 18, E9, 85, CA, E8, 19, 00, 00, 00, 69, EB, C4, 46, 48, D3, 03, F1, 8A, F1, 0F, B6, C1, 86, D6, 2B, FF, C7, C1, A7, 95, C9, 3B, FF, C1, F2, 8A, FC, F7, C0, 2F, 38, 42, 7B, F6, C0, 0D, 86, CC, 2B, D1, 0F, B6, E9, 23, DE, FF, C6, 6B, FF, 00, 47, F3, 3D, 80, BE, 11, 08, 15, B5, 25, D0, 7F, 8B, D0, 84, E4, 0F, BE, CE, 81, FF, AE, 05, 00, 00...
 

Entropy:
7.9867  (probably packed)

Code size:
172 KB (176,128 bytes)

The file vpsetup.exe has been seen being distributed by the following URL.
