xwidget_setup188.exe

XWidget

XWidget Software

The application xwidget_setup188.exe, “XWidget Setup”, has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from zr3mzw.bn1.livefilestore.com and multiple other hosts.
Publisher:
XWidget Software

Product:
XWidget

Description:
XWidget Setup

Version:
1.88

MD5:
0f52be02616394d75623b6968b29bc4a

SHA-1:
4e274ba0144c7bd986db192582f58f332f4691e7

SHA-256:
d0d1d3eec63a345d0cfdcbe273ea70b6744c635d6289cdb8236b23723c97b53d

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 6:50:28 PM UTC

Scan engine    Detection                    Engine version
Dr.Web         Adware.Downware.2013         9.0.1.040
ESET NOD32     Win32/InstallMonetizer.AQ    8.9387
F-Prot         W32/FakeInstall.A.gen        v6.4.7.1.166

File size:
8.9 MB (9,281,567 bytes)

Product version:
1.88

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xwidget_setup188.exe

File PE Metadata
Compilation timestamp:
12/20/2011 3:16:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:GgFyoUFUOgEBkelliDdfRtjzqS/CT2gQSXn56UaoKz:GgWFyEB/l4FCCgQSXn5aoK

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file xwidget_setup188.exe has been seen being distributed by the following 3 URLs.
