home

freevideoconvertersetup.exe

Free Video Converter

Koyote-Lab Inc.

The application freevideoconvertersetup.exe, “Free Video Converter Install” by Koyote-Lab has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.koyotelab.net and multiple other hosts.
Publisher:
Koyote-Lab Inc.  (signed and verified)

Product:
Free Video Converter

Description:
Free Video Converter Install

Version:
1.0.0.127581

MD5:
f92c5a919856d269bc1388b6aabb0f2f

SHA-1:
0fa537b992bc52a5e9fdfe24971cec838680a148

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:41:48 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Searcher.2497
9.0.1.028

ESET NOD32
Win32/Toolbar.SearchSuite
8.8877

herdProtect (fuzzy)
variant of 6677012_setup.exe (PUP)
2014.3.15.4

Reason Heuristics
PUP.Installer.KoyoteLab.X
14.2.27.4

Trend Micro House Call
TROJ_GE.D4C7CF0C
7.2.28

File size:
924.7 KB (946,912 bytes)

Product version:
1.0.0.127581

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\freevideoconvertersetup.exe

Digital Signature
Signed by:
Koyote-Lab Inc.

Authority:
Thawte, Inc.

Valid from:
2/23/2012 1:00:00 AM

Valid to:
2/22/2014 12:59:59 AM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:vzZ22sQqEGGEAAbSmMrlp/mg0VLc2iGj9oXq:vRzqZnAeg0tBvBo6

Entry address:
0x3415

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
26 KB (26,624 bytes)

The file freevideoconvertersetup.exe has been seen being distributed by the following 2 URLs.

http://www.koyotelab.net/.../FreeVideoConverterSetup.exe

http://download.cdn.koyotelab.net/r/cdn/.../FreeVideoConverterSetup.exe

Remove freevideoconvertersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.