fastmediaconvertersetup.exe

FastMediaConverterSetup.exe

Applon

The application fastmediaconvertersetup.exe by Applon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from s.allfree-soft.com and multiple other hosts.
Publisher:
Applon  (signed and verified)

Product:
FastMediaConverterSetup.exe

Version:
1.0.27.0

MD5:
b67f43a7110bac1192020dde1b921281

SHA-1:
94482da0cb58a3556bda3008700db0f9d1437ac2

SHA-256:
9dc484bb9eba512d5754c7310b839183ece28a823535675fdf20aae9310c59be

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/23/2024 11:58:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.Applon.X

Engine version:
14.8.8.0

File size:
117.5 KB (120,336 bytes)

Product version:
1.0.27.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\fastmediaconvertersetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/10/2013 8:00:00 PM

Valid to:
8/11/2014 7:59:59 PM

Subject:
CN=Applon, O=Applon, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61D4C21BAC72FFC01DD91677B59DA3E6

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:OumhxebkJf+FTXJrQhGsiTpNIUH3VfNSoeaPZhNPbDXmOrj7HGam30oB06jWF:OuxkZuTXJrQITnbaObhm3Zbw

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.1259

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file fastmediaconvertersetup.exe has been seen being distributed by the following 4 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-214-28-72.us-west-2.compute.amazonaws.com  (54.214.28.72:80)
