convertor.exe

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application convertor.exe by Polyanskaya Irina has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task named Convertor under the Windows Task Scheduler, triggered daily at a specified time.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
c0dfffd82121f9c07adb73f76b94ebcc

SHA-1:
c63111c177bd1f0c1ee223ee84623011966a97e1

SHA-256:
a43f3c842c3daeb51248a3b8129af7b59901b14c88bfbe460895bbaacfd0458f

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/25/2024 1:51:43 AM UTC

Scan engine             Detection                         Engine version
ESET NOD32              Win32/Adware.Vonteera (variant)   9.11068
IKARUS anti.virus       PUA.Vonteera                      t3scan.1.8.6.0
Panda Antivirus         Trj/Genetic.gen                   15.01.24.08
Reason Heuristics       PUP.Task.WebPick                  15.3.18.1
Trend Micro House Call  Suspicious_GEN.F47V0123           7.2.24

File size:
155.6 KB (159,312 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\convertor\convertor.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 8:00:00 PM

Valid to:
8/25/2015 7:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
1/21/2015 8:30:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:fM/yQPivSxrD/hmO+9HjRSRxlAVh0Midl/jFAyLTEenoWGGjgAKhIn6Uk3IH6yfO:fMmCrL4pZjR+j2ezoHhak4H6yALlld

Entry address:
0x9706

Entry point:
E8, 04, 5C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, D2, 07, 00, 00, 3B, 0D, F0, 34, 42, 00, 75, 02, F3, C3, E9, 80, 5C, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, EF, 56, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 60, 3C, 42, 00, 74, 12, 8B, 0D, 18, 3A, 42, 00, 85, 48, 70, 75, 07, E8, EA, 66, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 20, 39, 42, 00, 74, 16, 8B, 46, 08, 8B, 0D, 18, 3A, 42, 00, 85, 48, 70, 75, 08, E8...
 

Entropy:
6.5213

Code size:
109.5 KB (112,128 bytes)

Scheduled Task
Task name:
Convertor

Trigger:
Daily (Runs daily at 1:03 AM)

