freewebmencoder.exe

Free WebM Encoder

PolySoft Solutions

The executable freewebmencoder.exe, “Free WebM Encoder Setup”, has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from dl.free.fr.
Publisher:
PolySoft Solutions

Product:
Free WebM Encoder

Description:
Free WebM Encoder Setup

MD5:
3a1956a68af631eca3627992ee520e27

SHA-1:
5931c0cf5255e1b9f6141448d9a4131cdde70495

SHA-256:
bc03fcf1f419964e9fdca79ef8fd29ead78cc680084c69afdc4ea35e1c1de458

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 7:26:26 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160414-2 |
| AVG | Win32/Sality | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.241.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |

File size:
4.2 MB (4,369,325 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freewebmencoder.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:q2/KyLW94WsioJz3nX9Znht68UgusF33RadNXBtsKK:wUW9HMb9Zn9zTqxe

Entry address:
0x9A58

Entry point:
69, D2, CC, 6D, 86, A9, F2, 69, F1, 3F, 18, 11, F4, 69, DF, 37, 4A, E7, D6, 0F, BE, EB, F7, C3, D4, 9C, 90, 88, C6, C3, 7B, 85, C9, C7, C3, A8, 23, 06, 4F, 89, EE, 1B, F2, 52, 68, 40, 65, EF, 00, 3C, 79, E8, 00, 00, 00, 00, FF, CA, 8A, C5, EB, 07, 8D, 15, 1F, 99, 4B, DE, 42, 8D, 2D, 6A, 4A, 05, 0A, 4D, 8D, 2D, 2F, A5, A8, 20, BF, 7E, 70, 04, 00, 88, DE, 81, F7, 2A, E3, 00, 00, 3B, F0, 73, 03, C6, C2, F8, 81, EF, 1A, E6, 03, 00, F3, 87, F0, 89, C6, 8B, DF, 84, FE, 81, EB, 3B, 08, 00, 00, 5E, 89, D8, 0F, AF...
 

Code size:
36.5 KB (37,376 bytes)

The file freewebmencoder.exe has been seen being distributed by the following URL.
