6_offer_3.exe

MKV Codec

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Product:
MKV Codec

Description:
MKV Codec Setup

MD5:
50d7ef41c61f46ff591a14e3b1d53932

SHA-1:
018e40ac3f374f6187cd84b42da429617551603a

SHA-256:
d2c6f7564187a97c545ac4ea7dead1b59cd1441108ec996a8e752ce10be95afc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 7:47:49 AM UTC  (today)

File size:
4.7 MB (4,915,592 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\6_offer_3.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:IPXkMpUpWzLp3hJrkA9ZLoo5/4w0RirGjmR+4fOvBXNnmmJs9RTK/37qj7LA6mZ:cXkMWpW3ZhZkAPd5/ZiNjmRzyrP/Lqj+

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9988

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 6_offer_3.exe has been seen being distributed by the following 11 URLs.

http://software-files-a.cnet.com/s/software/13/81/54/.../mkvcodec_setup.exe

&onid=13632&oid=3001-13632_4-76088742&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=video/players&topicbrcrm=&pid=15547413&mfgid=80094&merid=80094&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=c18602a7d251b942893fb302&viewguid=giH0ST8hZqNLnhERUUYxckCCUHlBmao5ff@2&destUrl=http://convertaudiofree.com/.../mkvcodec_setup.exe

https://mkv-codec.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAN5JOTkdp1YTv O2sp4sPZb0OC2m/Ia/pbc833vBs9/S5kU hcdMUqS3qf1ledf9T94qqRQ7jVJFy1Dt712TLi2Wcd31lmaenSIKWlOgXIKC8XRU3k6Jcec73M4USjHtNNMDglb5stuSOFm/9kGw1Z9HzF6h7sXE6Q9xsGXTl64UUrTGzpO0qLcM3GgnEAdkW2A1ZO8jI1W/BTnTZEqtWkH2P6WXxYfsNLGh075ZQ92BiH6SZ Bodpce1FEWuUKsPQnd3pJbYWI8mi/rFFHm3hM/wQTMcg6aOz7m6M6/SUooNkKIHIbgaryYtbf4S7RnZPzDySrgT3sAQMD05qKL 3GhLS6m17Ii6Be5iL FN8iT8Aq3CzmEN63tEkIiGfdi164WpTTwcwchwad7m1CeNcSXXVFFhxwyl332vru/Fo1E90IBDddzw1Ftb3ftuWrp3wWVGvIxACYA/Mfi1YAqyVhrv0n6C4hBwIm2wQJflGf63lY/sPrzUJfzn9GdKDviE/ZTXzz2tDyjxYOcco8vVCUwpmYKdLtvARj7xhddVW1F3TO7Fuu30mfd/.../dhgMTq7QlbDEm5FeFbJH8k6S hpOKcfZkuXJHXqYYaKfcVlSMLMW6racTyU=

&onid=13632&oid=3001-13632_4-76088742&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=video/players&topicbrcrm=&pid=15547413&mfgid=80094&merid=80094&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=bde28346e30d214d98b45c2d&viewguid=f4Jkgi@J3SsrhlzsLcR9hVZYUrqvrL8zOsoG&destUrl=http://convertaudiofree.com/.../mkvcodec_setup.exe

http://convertaudiofree.com/download.php?domain=convertaudiofree.com&folder=files&filename=mkvcodec_setup.exe&sig=mkvcodec_setup.exe&h=a400f9097a0ea38675424ce5c7c3939f&t=1465331014

http://convertaudiofree.com/download.php?domain=convertaudiofree.com&folder=files&filename=mkvcodec_setup.exe&sig=mkvcodec_setup.exe&h=5d684acf23883c8660f76517ed64a43a&t=1465215500

http://convertaudiofree.com/download.php?domain=convertaudiofree.com&folder=files&filename=mkvcodec_setup.exe&sig=mkvcodec_setup.exe&h=fdecead38802c0965ec7da1edb5c93c7&t=1465395167

Scan 6_offer_3.exe - Powered by Reason Core Security