flashvideodownloader.exe

iWisoft Free Video Downloader

www.iwisoft.com

The executable flashvideodownloader.exe, “iWisoft Free Video Downloader Setup”, has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from download.iwisoft.com.
Publisher:
www.iwisoft.com

Product:
iWisoft Free Video Downloader

Description:
iWisoft Free Video Downloader Setup

Version:
2.1

MD5:
f439874f45c1173cb7669df691218901

SHA-1:
fd1098e989fbb79681c84925deaa67ad7294c617

SHA-256:
2872ff8f3071b6f43c7058d05e8e14cf547c30967ca36aa80348bba3ceb45af9

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/24/2024 7:01:27 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160327-1
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0

File size:
3.1 MB (3,209,295 bytes)

Product version:
2.1

Copyright:
http://www.iwisoft.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\flashvideodownloader.exe

File PE Metadata
Compilation timestamp:
1/6/2010 3:26:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:pkltT4nzMvkkb53TqvM90boTll8SBYKx7xTyFK:p0czetb5DqvI0bS8RGxTyFK

Entry address:
0x163C4

Entry point:
42, 68, 5D, 57, 2F, 00, 0F, BE, EC, 85, FB, 74, 02, 8B, D2, 85, EA, 48, 86, F3, 8D, 2D, 02, 18, 7C, E8, 0F, B7, C1, 43, E8, 9C, 00, 00, 00, 69, DA, 54, DD, C0, C6, 31, F5, F6, C5, 5D, F7, C2, 9B, 31, 76, FB, FF, C3, 0F, AF, D2, 8D, 1D, 79, 2E, 37, D6, 84, C5, 85, F8, 8D, 3D, 0D, 87, 5E, BC, 8D, 15, 0F, DF, CF, 45, F7, C3, 23, B3, A0, A3, 69, ED, 90, E4, 26, A4, 4A, FE, CA, C7, C2, F9, B4, 40, CE, 50, 80, E6, 1D, 88, CA, 5F, FF, C2, F6, C5, 34, 45, 89, F2, 1B, EE, 57, 71, 06, 69, D1, 73, 3B, 6F, C7, 5B, 81...

Entropy:
7.9838  (probably packed)

Code size:
85 KB (87,040 bytes)

The file flashvideodownloader.exe has been seen being distributed by the following URL.
