freemakevideoconvertersetupnet.exe

Freemake Video Converter

Orbita LLC

The application freemakevideoconvertersetupnet.exe, “Freemake Video Converter Setup” by Orbita, has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from download.freemake.net and multiple other hosts.
Publisher:
Ellora Assets Corporation   (signed by Orbita LLC)

Product:
Freemake Video Converter

Description:
Freemake Video Converter Setup

Version:
4.1.5.4

MD5:
6f7c6c24f371d295a284bd673b840f45

SHA-1:
b47f6a52941d658111dc9723489b752e13828ef6

SHA-256:
42b0df79927249c34f556502f87a9e7dd8db22ea31cdb03dfa08b87e27d677fd

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 1:42:18 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.OpenCandy.56 | 9.0.1.0335
ESET NOD32 | Win32/OpenCandy (variant) | 8.10807
McAfee | Artemis!6F7C6C24F371 | 5600.6930
Trend Micro House Call | Suspicious_GEN.F47V1129 | 7.2.335

File size:
1.2 MB (1,270,552 bytes)

Product version:
4.1.5

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\freemakevideoconvertersetupnet.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/24/2014 11:37:39 AM

Valid to:
12/13/2016 1:32:44 PM

Subject:
E=contact@mp3jam.org, CN=Orbita LLC, O=Orbita LLC, L=Nizhny Novgorod, S=Nizhny Novgorod Oblast, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CA83881898F63A64C1A31C3A8CC5C2F5

File PE Metadata
Compilation timestamp:
10/13/2013 10:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ySxG0mgUF888888888888W888888888889lwflYfYSdI05oo1HQvx7fbMGzUVwT2:5xG3qflYf/diJeVOMcIJcIv1l0XO

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file freemakevideoconvertersetupnet.exe has been seen being distributed by the following 3 URLs.
