converterlite-1611.exe

Golef

ConnectorPrompt (Alpha Criteria Ltd.)

The application converterlite-1611.exe, “Golef Setup” by ConnectorPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.packagerepositorypackage.com and multiple other hosts.
Publisher:
ConnectorPrompt (Alpha Criteria Ltd.)  (signed and verified)

Product:
Golef

Description:
Golef Setup

MD5:
e020e4edb42036860366577de5ea966f

SHA-1:
565d586fb1d01437e67b2a32f7894feaa5f47dd0

SHA-256:
ccbcb4947441ad76857698777f78448764a653accc0087314257a8ebd544d589

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 9:47:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.9.6.7

File size:
946.3 KB (968,992 bytes)

Product version:
3.1.9

Copyright:
Program Web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\converterlite-1611.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:14:48 AM

Valid to:
9/2/2016 7:24:46 AM

Subject:
CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:fiGtw6r+nQQCSDHBphyg8CC+RYOV+Q/bxQhPXaRUy7tmq3qFWyTgcRl7q3C8pJt6:fiMwe+n5wrX+RlV+SRUWbsWpml7uW1

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9378

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file converterlite-1611.exe has been seen being distributed by the following 13 URLs.

