convertwavtomp3_setup.exe

Safe Software

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application convertwavtomp3_setup.exe by Safe Software has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from software-files-a.cnet.com.
Publisher:
Safe Software  (signed and verified)

MD5:
23d77553da9a0113cb04c0bc8766fe01

SHA-1:
7b6a3e7b7357c0eab545d4c42c789e3414ab7ee1

SHA-256:
17f534bc67437d3d9acc961d9f7f38dd2d35117d45d2d384aa8dfb02b78d070f

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/27/2024 3:46:38 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3145

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.1548

Comodo Security
Application.Win32.InstallCore.KJH
21518

Dr.Web
Trojan.MulDrop5.38104
9.0.1.098

ESET NOD32
Win32/InstallCore.RA (variant)
9.10696

Fortinet FortiGate
Riskware/InstallCore
4/8/2015

herdProtect (fuzzy)
2015.7.11.16

McAfee
Artemis!23D77553DA9A
5600.6801

NANO AntiVirus
Riskware.Win32.InstallCore.djeeqw
0.30.8.659

Reason Heuristics
Threat.Installer.SafeSoftware
15.4.11.23

VIPRE Antivirus
Trojan.Win32.Generic
38718

File size:
773.4 KB (791,920 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
10/29/2014 2:00:00 AM

Valid to:
11/3/2015 2:00:00 PM

Subject:
CN=Safe Software, O=Safe Software, L=Seattle, S=Washington, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
023BE808DC0B03F81EE92F5AE8266447

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:JQE6FIOyYqhuYwoi3qajmt4kRWcTwMgSxi8y:JvIVreNfi6ikRVvxU

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8419

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file convertwavtomp3_setup.exe has been seen being distributed by the following URL.

Remove convertwavtomp3_setup.exe - Powered by Reason Core Security