avidemux_x32_rus_setup.exe

The executable avidemux_x32_rus_setup.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from cdn.soft-downloads.ru.
MD5:
2fd4ca1d45cd2ad95d502dfb1d03e694

SHA-1:
0d38b4c85193bcebfcbeb3f3e894ce8de51f5ab7

Scanner detections:
1 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/16/2024 6:52:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.7.7.4

File size:
14.5 MB (15,178,746 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\Documents and Settings\{user}\My documents\downloads\avidemux_x32_rus_setup.exe

File PE Metadata
Compilation timestamp:
9/3/1996 3:20:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
393216:PAcHUUsTBtG2uA4AYFU2xBS55FjCWnRhLC6s6kXvSY3LvAWWg:PuUqBSPeaBS55FjbBv6fSY3LlWg

Entry address:
0x4377

Entry point:
60, 74, 03, 4F, 86, D0, 09, ED, 0F, BE, D3, 41, 72, 02, 84, CC, 0F, AF, EE, 53, 48, E8, BC, 00, 00, 00, F7, C2, BA, 5C, B1, 28, 8D, 3D, B5, 97, 1C, 96, 69, F7, C6, B6, A7, D0, 0F, AF, CD, 8B, F2, 88, CA, 10, FF, 81, ED, FD, F6, FF, FF, 0A, EB, 81, ED, E6, 0D, 00, 00, 6A, 00, 5B, 13, CA, BF, DB, CD, 82, DF, 80, C4, 11, 72, 04, 88, D2, 88, EA, C7, C1, 3C, 7D, C6, 77, FE, C4, 69, C2, D6, 91, 74, 28, 85, F8, 89, ED, 4D, 88, FC, F6, C1, 55, B9, C0, 0B, 00, 00, 8A, E7, 81, F1, AF, 0E, 00, 00, 81, FE, 05, 10, 00...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file avidemux_x32_rus_setup.exe has been seen being distributed by the following URL.

Remove avidemux_x32_rus_setup.exe - Powered by Reason Core Security