FreeVideoConverterSetup-r0-n-bf.exe

Free Video Converter

Koyote-Lab Inc.

The application FreeVideoConverterSetup-r0-n-bf.exe, “Free Video Converter Install” by Koyote-Lab has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.cdn.koyotesoft.com and multiple other hosts.
Publisher:
Koyote-Lab Inc  (signed by Koyote-Lab Inc.)

Product:
Free Video Converter

Description:
Free Video Converter Install

Version:
1.0.0.129246

MD5:
63e9c06c45daa2cd2ce4add06fc93e80

SHA-1:
87d72dc51267edf6234bd350cdb8b7e9d91e920d

SHA-256:
175e8923299141ca378264d0432983b17e888d27faed291811446fd3024d3f1c

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:38:58 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clod709.Trojan
1.3.0.4613

Boost by Reason
Adware.Installer.KoyoteLab.FF
2013.8.29.5

Dr.Web
Adware.Downware.942
9.0.1.0241

Malwarebytes
PUP.Optional.Koyote.A
v2013.12.29.06

NANO AntiVirus
Trojan.Win32.Downware.crewao
0.28.0.57029

Reason Heuristics
PUP.Installer.KoyoteLab.FF
14.3.1.0

Trend Micro House Call
TROJ_GEN.F47V0716
7.2.241

File size:
1.1 MB (1,128,384 bytes)

Product version:
1.0.0.129246

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freevideoconvertersetup-r0-n-bf.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/22/2012 4:00:00 PM

Valid to:
2/21/2014 3:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 1:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:r1HOs7xwnewh0i1sez1Ldg8UESsU2S8quSON:xOkwewh0i1s21RgvESsUXuSk

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 
[+]

Entropy:
7.9824

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file FreeVideoConverterSetup-r0-n-bf.exe has been seen being distributed by the following 18 URLs.

http://download.cdn.koyotesoft.com/cdn/r/.../FreeVideoConverterSetup-r146-n-bi.exe

Remove FreeVideoConverterSetup-r0-n-bf.exe - Powered by Reason Core Security