» freedvdtoavimp4wmvmpeg3gpflvconverter.exe
Overview
Analysis
File Details
Downloads (11)

freedvdtoavimp4wmvmpeg3gpflvconverter.exe

Nopumalifo

Huaxinwantong Beijing Technology Ltd

The application freedvdtoavimp4wmvmpeg3gpflvconverter.exe, “Nopumalifo Setup ” by Huaxinwantong Beijing Technology has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftbundlesfactory.com and multiple other hosts.

File name:

Publisher:

Purek (signed by Huaxinwantong Beijing Technology Ltd)

Product:

Nopumalifo

Description:

Nopumalifo Setup

Version:

1.4.2.6

MD5:

764f83a4d12bdc77c666fd867e08ca54

SHA-1:

eebf176e3e5dd3e9de512b769d30b9c790e00c44

SHA-256:

b947f17cd1e9a4ab9b38421d1a2f690f5814f34ae5664026d5501ae15a47034b

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

2/25/2025 2:05:47 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.Huaxinwa.Installer.Meta (M)

16.7.1.3

File size:

906.5 KB (928,248 bytes)

Product version:

2.0.9

Fast Software

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\freedvdtoavimp4wmvmpeg3gpflvconverter.exe

Digital Signature

Signed by:

Huaxinwantong Beijing Technology Ltd

Authority:

COMODO CA Limited

Valid from:

3/23/2016 9:00:00 PM

Valid to:

3/24/2017 8:59:59 PM

Subject:

CN=Huaxinwantong Beijing Technology Ltd, O=Huaxinwantong Beijing Technology Ltd, STREET="Dong Balizhuang 54, Building 2", L=BeiJing, S=BeiJing, PostalCode=100025, C=CN

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C31292C6449E082B3FBF99E310243E2E

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:iti0NiGXIAR5v3nWi+dZKEUQq3p9UdRC+8Y4:iEcbXV/t+dZKEVq5b+81

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file freedvdtoavimp4wmvmpeg3gpflvconverter.exe has been seen being distributed by the following 11 URLs.

http://www.giftbundlesfactory.com/f4RYANoicghsC_sI6bxi759qO_rTO1pR7oOKP57KAA4sggtjdWJL6JbeKzZ9K w_kwmp6LmBfYkfWRtK7_yX4JNXvEs77S5uvJR6J_FjLrMyZaexITGZlfUT0a0zOoiQHamg24o0TXWwT6MUtA8_ScmmDrdrUNzomzT05A266Mgct_sYSWMkBjTSE26qRANMn298RKE4 HwX9lzx80w_eyOO5ySMIQf1 abTgRVeIQdZykE6a6U=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.taggiftflash.com/C3bxZKEAvWM2zwR9aHiqgTBNWmo8PR34ncRXXCG2dCVG4mHg66U9eimhaLXq6Fp5IvT2g1yG6hwbxh9Pys_vgjuD40GEiDBhByYr7IQ0N6HYKPk65GWCnwS3j5RghSi50J7gbeB4NAoqda7iQlYaQsJI9ZMnaL94r 3o 8ylzy3bjBBNfdSaLYz8wi2ZHfcWl8YuH57ezPtuaFPsIpabZc6I_PcYV R0XU_no88FVRioJPdrPtk=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.funtourbundle.com/DXBIRb9_PRwkbEXKb8EhfYZ2lpESZmA3hqvdTtFJCkNnxkm8UntK rX3ETB6v8jiR1qwvIhWFCY1owGWJ_yFLEWG_8 nrCGasHzeqHufmnizPo_in8yz2zcU3cfodhuPffjfSJ2qIT1ut11VmjJuD16TjcUduOm0lJoud0aMUxVaxwKxk1FBL2WWHluHXQ5040uPwF1B0BZBU_rXXUM1nGYJr6pRMDJoiaVh4aB6mqkUHCUPPu0=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.funtourbundle.com/C5lh3V_RXKYoZoo8C2UvmOZiqBUnIzLT7lHy 10KBPoRh2GpS92lusxWS4 FrRIgvyH7i1Wam44uK5spcAKQwtVcjBwfTUKDf_o7GklyxN6ktna0ALbte_C2uQUvqLuwdJnmxlK5pCeuiTtZzZ4oYc8uZPbPuCJvxLM_w65_zxVvU89OsqSwBwlJgrrcxytzePMr1P94pTgW0LkgVMtufAkElhuh5BYwE3fzjB6tikICDO 3Tz0=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.taggiftflash.com/OnFRIHGjOBAMFcb0E8uDWKGRJL0d29O75xtlT5DJEsRIFBcqChQG9UiBEMCGzCxvDGZ_Ynoq_NQ7cl3w2mO_RcBGFaRKuavEo_hOtSiO hXseLKemF28MYghee68aKehgJG3Ogsw 4 LsmgFsl2tAVHYWqxFI1 DWW2FwyOakh7t Mo62_b6WuvC2jIs9cFMMpPj_iB5gRXB1pvHNDSlID2Li71SZAVH58Pik3MMQTTNEAXDD1I=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.factorycapitalstock.com/2rf M9x16TmM54glrsaiEWmLKTdyF71X2iq9kCKeeeMQ63DX83JkO OILtND VqaJfzcndrU8E AA8xfLMg1gjrx9skSpNQOZ5KaqkHTAyzuZa5hfal25O IAFU96YwoMrHSCf6ij7IucORvT5giP7gTcujufvkg3uhkJIKFd1vLjgCLV_7Iz1QP7KNUXlUJ uMzWZ3ocKGeq7mzx7Ki9VPO0YHvRoZBhS_IPjvwiyR5KGJeBI=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.factorycapitalstock.com/wMvWTPMvzjBLkUCP17QgJExrOHJK5ZPOxhSNTSXlQPofu svcfnqUc4SGDGrqBKWx7OS1Awxd2SEi4w_ZspP1tTw6z6qJG3wfKQrxxRe9FCeaBbA4sV0xhpMiGlWnGYLVEHvlVuV_jgTBmkGqgpjyCMtPfw7g8FGQp4Gd8dj_k8LberR0rK20T4x0kjvmXjQjnVKULdoMXco9XWsQTWopQXWoYvp_egI0hpTA9HHueYvJPhwlJE=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.taggiftflash.com/A9SigzBxxlOTToyDmbXk3KHNoy7hhInST69CGI4zWHiYQlg oqqOcBfqM37ILKWwgvM eVZXuKSIEN4bJ rOAJVlW2431sBZYlqemDzsh5s8RP481P15QbN6zWXuGRgiW5WVhYnTgYrHaO5BJ6AvKeTOu6lJEhh666dM2U88Rg18L8RxUuAULWEMP0WJm1HgAzaK_g8hwF1QI6jidDH2tyF2xmXSEn3bI _mzcdW7Q1HMdKVxY0=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.taggiftflash.com/dDeaZ5fk87bpIrrCCw7BFKOw5Tfy7g1TMRO6J8ffItEwNyVWr63ekQL3oq3cDOKL4cmtcX_FF98MtAraB68L3oqnuw1Bs73MS4SKLN4cJg7IOIArj2RaS MBxgtOzpI6j716aXO4XR9zdRN28CVq4yjLdo0cEH4RgqqcXVaWd2LrxR bxwNRG8mMhcffl_X7Gs0PPMwxmu1uKdeYToYJMEA9QHxc4CJPBNpTDZmz_ibxX86Wbiw=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.taggiftflash.com/8gEqbBPtAGBgkZXluHS8PYKj5bItMfKFhGHUzAaoaHRmvQxQc3v4VRfQwxpwewCAtvXIx3Czy0TGYgT O p4sWfHXSaED8pgDT4kRcIBxzED HfT5IiMukQndlpVhFaPpVWf_E4nho0ftzjmSFGXmXjw6e5_h9rvGgdNbTxrefd_k7AP9LaBicF0vfuEM4OSKSYlGzRXqCkFoqmV4 yMHErrSuu1O8lRXIzyECHPIcyWt36yens=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

http://www.funtourbundle.com/qkqvfCVpMiVKgHIsXfj7Rah_ ZxtWjYbnZl y1C073981_Lfg3Mp90dic vlFvvy35qBNFc2bLBe_iRPuBqPqluOcDnZP4psjF9 4kUQGct90Cujte_d_i5YfPhY4RNoiEu_ZKLyYdwiQcWoZl0bAKge_AgwUszTA r0u6aIRQPkL7YPwLZKgMpHBEltzIcBvVKjBMJemJ2upjvviy9TC3SUyQqH5wBSqG5VD_b2EGk9Ku9 Dts=-G2wAAMRv548bA8OiIOXqSp3RoDcoUb7hQzMO2L KZHcDgoHQPIfPBUXav1xjyq_ZnD1HJuhKJiobM7Rz4RP86ngBL_4dJ5nYNhLikEziWOQD_ePh9lwVfgA=

Remove freedvdtoavimp4wmvmpeg3gpflvconverter.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.