vuupcbasesetup.exe

VuuPC

ClickMeIn Limited

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application vuupcbasesetup.exe by ClickMeIn Limited has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.vuupc.com and multiple other hosts.
Publisher:
VuuPC Limited  (signed by ClickMeIn Limited)

Product:
VuuPC

Description:
VuuPC Setup

Version:
1.0.0.265

MD5:
082df210b705e5e4a8a63069b27af652

SHA-1:
d2cda9bea88c0c1b29502de3a3959e226d491610

SHA-256:
68fea5674d43831485cf1b480416272c328179e42bbb8d8d89abb001629470bb

Scanner detections:
4 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 5:41:32 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.1411
9.0.1.0238

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.ClickMeInLimited.O
14.8.26.18

Trend Micro House Call
TROJ_GEN.F47V0113
7.2.238

File size:
288.8 KB (295,728 bytes)

Product version:
1.0.0.265

Copyright:
Copyright 2012

Trademarks:
VuuPC is a trademark of VuuPC Limited

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vuupcbasesetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/11/2012 7:00:00 PM

Valid to:
3/2/2015 6:59:59 PM

Subject:
CN=ClickMeIn Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ClickMeIn Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0181B78FA98E62B38390017BFFA25E8C

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Oe34ghJffZmzrFxxwkHTMoYctgc/LA2S3Oo:DffwzrFvZHMxwo

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8087

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file vuupcbasesetup.exe has been seen being distributed by the following 2 URLs.

Remove vuupcbasesetup.exe - Powered by Reason Core Security