ConvertHelper.exe

ConvertHelper

The application ConvertHelper.exe, “ConvertHelper Setup”, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from converthelper.net.
Product:
ConvertHelper

Description:
ConvertHelper Setup

MD5:
a9fd2904fc1ae0e11645beb0f0f2c136

SHA-1:
f2cda3d9e19d19e8e577ba220ee001a1c0da475e

SHA-256:
f8d69aec9fa951d8231d5236da583c78dc3d123d08519ff4d61e3d7400600fcd

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 2:35:53 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Trojan.Win32.InstallMonetizer | 4.0.3.131126
Bkav FE | W32.Clod39d.Trojan | 1.3.0.4613
ESET NOD32 | Win32/InstallMonetizer.AF | 7.9190
Fortinet FortiGate | W32/Generic.AF!tr | 8/24/2013
K7 AntiVirus | Trojan | 13.174.10609
McAfee | Artemis!A9FD2904FC1A | 5600.7176

File size:
7.5 MB (7,895,874 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\converthelper.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:2Vbmd655MPxQSVzjj7NVaQhoNScbBblyitg85K:2bE6feQ05VaSoNPN7g85K

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9995

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file ConvertHelper.exe has been seen being distributed by the following URL.
