» freeavimpegwmvmp4flvvideojoiner.exe
Overview
Analysis
File Details
Downloads (10)

freeavimpegwmvmp4flvvideojoiner.exe

Nopumalifo

Huaxinwantong Beijing Technology Ltd

The application freeavimpegwmvmp4flvvideojoiner.exe, “Nopumalifo Setup ” by Huaxinwantong Beijing Technology has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.funtourbundle.com and multiple other hosts.

File name:

Publisher:

Purek (signed by Huaxinwantong Beijing Technology Ltd)

Product:

Nopumalifo

Description:

Nopumalifo Setup

Version:

1.4.2.6

MD5:

1103cdde4334d756a2d024ce666f8db7

SHA-1:

db6e3c242e31ebed77a191b79d49484eb37f8df4

SHA-256:

e5c0016757ec8c8b7a956b82546e5143b1ab400036c3df12ead63b5ebe86853c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/6/2024 6:38:50 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.Huaxinwa.Installer.Meta (M)

16.6.30.14

File size:

906.5 KB (928,248 bytes)

Product version:

2.0.9

Fast Software

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\freeavimpegwmvmp4flvvideojoiner.exe

Digital Signature

Signed by:

Huaxinwantong Beijing Technology Ltd

Authority:

COMODO CA Limited

Valid from:

3/23/2016 9:00:00 PM

Valid to:

3/24/2017 8:59:59 PM

Subject:

CN=Huaxinwantong Beijing Technology Ltd, O=Huaxinwantong Beijing Technology Ltd, STREET="Dong Balizhuang 54, Building 2", L=BeiJing, S=BeiJing, PostalCode=100025, C=CN

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C31292C6449E082B3FBF99E310243E2E

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:Ati0NiGXIAR5v3nWi+dZKEUQq3p9UdRC+8Y4:AEcbXV/t+dZKEVq5b+81

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file freeavimpegwmvmp4flvvideojoiner.exe has been seen being distributed by the following 10 URLs.

http://www.funtourbundle.com/uBi5n3ssJ33FQhU dQ_e_mkB4pCPLSD696kBZrDkeuS0LATMDeF5ZtXJPfGo1hyL5mM6HfrD Uk2AFF5CPHTd1GjpuURmReJQ6nAzVrO82RcJwBMWKUo7cCZ6RdDq97pvuisI8G8JoLhDqlQL9EI2PTdJPU4enx56ZEJj3dDozHEsfdN2TT48bnRNqYnGA2EE76IbNt2DH_fMPOumLBdN1YMXZ POxudAuu3opRUuKTAwjvx2RW5WBr43wE5lrpz eh4A0UJtnhwDQrOCUd2 nZJRnaut5Zk5ggNxhastYJifW 7F4nu1GB9znRkT5rjCq3XmTnn4C1GuihjZEvpD1lLxuNzr7oPAG_1j n4Xw0M_XgfBdGT2 uNVp0xm09G2_7c0OhAJFUe7oZ6jBC1SpF8RSovbshkoxsp1zKhDURuJUwxZngq9FOxAuBkrvzB2zW1gWtB6utugZXZxqWs OhXamBDB6TjmAUBhnKTtlqujBk4yMVxXM0R4rOLnf gJLXHtVJchZiXZAF6z0VakROr5bgciQ==-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD-e

http://www.factorycapitalstock.com/FAew0HkAV OnLjRm81HybZ5Q33BBBpBRkGq 9DmqMpHxMUUFEUkkZ7fxjDf MVlk ntDqGLpLjvLDt6zjjpwSfa0 ukGMK5Afhms5CBMWYkKUK7tAf5RPiHNQZsWTxcEW3Xt8SvUGFEdj8a6bx5pwzfZaqAlpHoYxxjj 0LptlELyWLWtRpYP omu DbL3DBN055PavumdrsWXf0qyo8LMAFMXcK7O iozmhAoirShgbKJvCA0k=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.funtourbundle.com/bGRboYSC_FOdAXCdZDQrMapxzlr_znFdzMbnPKAUp3KayYdL5Tk6hkHPJ9dRP1xCCHRkVb91dyrvzI95a6RJ4N1tiSRigcPc2uVLzZh2nT4JD9SnARfafSbqVkCIZpqYNN3gA0kkEnWyGUwdIF2HBCpuhDgcWu1EWLv30H23u2sVapiAPQmHPUtb9ck2HmSD7H5tMEsKX9PNxu2M7PX8wjKw KV QwpWCgXLmK1vSrneREZPk6iDrDWvGydbVBRAdDsaG0jQsVUfVl LoiDfLmPKIXxbfm7YDJ2qXPPyQMWBIp6UNdYuSQuEfgp5QQ_N2bZmBSbITjCm_svRVcxYN6IU6pE1DbDEWbqO1O0H265s4zFmqG7gJqwQmvz4m1rrP1YSG7V29_SB8hW1ZcTKg P9QshhwlRm2sNN G4V9X5_4WbZ3Jzecu WtaygJ9QpcjYEkjLOntk20a99qUrPohUFvykP4FmT9GzxyTdnFgdkdkxzwD4taT jA5961T3lNwxttssAPt7aNpcM7b7mcqZ_oKllRQ==-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD-e

http://www.funtourbundle.com/UyWclaKykYKTXGR5 cgQwasWY4shPYdaBCgzFu3oQnk4WQl6n27CT_IsZICnxWfiNCIwAMbKWYg0PekDoqvIncJIC3TDiQTlfyQBsIn6 6gEOocOMD8i8lvwomty6ygLjNaCQp8bACRv7RwOPPvRO1IJWNq6YjWtV1ZUCs8_wG6nl9uumUflVGi6iJBa2 Ud3Li5Yh1v_s44w4TDF3KmEAL2h Dm5m0Qah2NwXY9zHYQFuOCYdM=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.funtourbundle.com/1O8EvXADslO26e727KMpG4c8YmMyg3R0gIFn6jg807x4pr94bzhpYcXSXY 3sTQqXmrHwq5aP7j5wHK8b9x ADWwBnDl_f2zliQRSS_SQNx0VeuGodHTt5JpZj7efRSOS_ekF47jVyOR7 5Kw1eQQbux5vrFeFjjJOgdSWV1nxqWXJNKAUZ3MAvakErwd7rr8PBznQeRJ5kM4kGcuUyJC63XC1rV4M5gfQGaNb6X_msrbljquS8=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.factorycapitalstock.com/1mYYHBQ6OYAS_1xRH2sTTdQL8VDUWYoJtHWiA9PU2h8vWJWgxZ_7OKEwJGdsBbDMpWwWBqwNMLYZP8TjsX7Fv_gozG9frzGP63NaxvJTOUDQfVASOpxlQWJ1bYlaNN6Mv_ON87P kRyo bahHrmI0dxB78O5U70dkTbrlwwC_spvvHDdbAmtc_PnPgBqprHTHURKw_fWih7qTRDr_wKZ8PTOhMJcl6nw0MCZ2NNYR0gU 6D SXs=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.funtourbundle.com/bhOKKY5ldSmr9P3uB5abXcc63lZ9X1U roVNGNlh DGRNtb5rob8RQJrxhgnxPyPkMSlyFfOdLaOmhqMVMzy9IQk1EqPw6IQKA51byq_LnuzzKfsxr22iySO57zlVfTVwytEb0aj_TqZ2LCdEYIYOGk0VWvbuThkTCwtjxONFKZlfd3zEIcmvUxEC 1F8ulLpbee8Dvd6dFDq5wyE3mYrI_WHs_APfk4Ti4SX29UelHjuM3JAtw=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.funtourbundle.com/276k9PVmku1FPbva20 OC1AM1JLFdHsMq04pZhe3V5HL5HDm6vuJrCOeXKzCuePqKcxteZVkJUJkqzsVWS9D7VO9EpaKe1N9bAYJEmZCgOFSzYqFQCVHO6wLHihOTqa EiTtnzPwSooSavGjYg 4xKR1f38KIXx4U65uNPdwm6Cbal6V3Q QKPS_kwqe1T5w3FnzI3q4fEpP6LK8bbVORbvfjJ7fNhWaDAg_HJEta9Jue2R_V30=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.taggiftflash.com/iHr47sNMDc9taTSDLGd0cDDd4IlQXbTfVKLoGu k1ZIktkTrLnJu3or1iujE1wZG7mUEYB exDeFEjaoqgM3DdkpsSUmYvGKcr7u1dnZt Uku9W0uxWW_lcg07qbZYellfMTKwP76ylyuZbVIi35ZOkbM1gWzjgvz7iqqzunZG9ywoZH9Be4vo7eBJI9nmb7F2g02Hg8OuMOi51BxU8BlxftLMQDmxkkjdZYxLMxxvt7BCnyfG4=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

http://www.giftbundlesfactory.com/eUkr04KS NgI51ek38Q2OgPiIwzjyyRA0DIvgnlTfE6MxeVYp tSW0FDbS1QzrJDGpuCVxOhAs5OC7Ls4nf19tCazjZS7e9O_RSTlWgPTIrMqTjGZIiistU7NNwXHc9C1r7t52zHC63mBi8KuY_DRE0NwrC8K5AuxMh8GDiRk96eAnYs_zlsTvxfT4zT82xI3_PjdLu_Sk mK8Tc9VALvUjD10bO5pppdLTlmSIyq4Oeb6KGNF0=-G2YAAMTaOW4shsXgRb6UeqNBN3yJYgHNOGD_KpLdDQgGOM_hrR K1vKNGb9hc7bOTsjVTFJuzNTqwjM8LV3AS IaYmfh6qiI4M5HN 5IzeAD

Remove freeavimpegwmvmp4flvvideojoiner.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.