FreeFLVConverterSetup-r119-n-bc.exe

Free FLV Converter

Koyote-Lab Inc.

The application FreeFLVConverterSetup-r119-n-bc.exe, “Free FLV Converter Install” by Koyote-Lab has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.cdn.koyotesoft.com and multiple other hosts. While running, it connects to the Internet address 94.31.0.25.IPYX-076665-ZYO.above.net on port 80 using the HTTP protocol.
Publisher:
Koyote-Lab Inc  (signed by Koyote-Lab Inc.)

Product:
Free FLV Converter

Description:
Free FLV Converter Install

Version:
1.0.0.129246

MD5:
562f39d3f14ab54fd83fb573dfcfb088

SHA-1:
e739c954282417bdc8f381bcaabe2230d6f08c67

SHA-256:
08ddb84fa27a0e990a6b95bf3a6595c63ac42e2de41827d42e4c75483b38bc26

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:38:53 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clod1bb.Trojan
1.3.0.4613

Boost by Reason
Adware.Installer.KoyoteLab.FF
2013.8.29.5

Dr.Web
Adware.Downware.942
9.0.1.0241

Malwarebytes
PUP.Optional.Bandoo.A
v2013.11.27.01

NANO AntiVirus
Trojan.Win32.Downware.crewao
0.28.0.57029

Reason Heuristics
PUP.Installer.KoyoteLab.FF
14.3.1.0

Rising Antivirus
PE:Trojan.Dropper!6.1BE
23.00.65.131210

Trend Micro House Call
TROJ_GEN.F47V0724
7.2.241

File size:
1.1 MB (1,134,488 bytes)

Product version:
1.0.0.129246

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freeflvconvertersetup-r119-n-bc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/22/2012 4:00:00 PM

Valid to:
2/21/2014 3:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 1:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:79gbBsksxYqswsxxBMTMlJNF6I4K97M9PO3FDkxasTy:mbB3+xswsxxBBIDcbFDkxhO

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 
[+]

Entropy:
7.9826

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file FreeFLVConverterSetup-r119-n-bc.exe has been seen being distributed by the following 8 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 94.31.0.25.IPYX-076665-ZYO.above.net  (94.31.0.25:80)

Remove FreeFLVConverterSetup-r119-n-bc.exe - Powered by Reason Core Security