mkvtoolnix-64bit-8.8.0-setup.exe

MKVToolNix

Moritz Bunkus

The executable mkvtoolnix-64bit-8.8.0-setup.exe has been detected as malware by 2 anti-virus scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from download.fosshub.com and multiple other hosts.
Publisher:
Moritz Bunkus

Product:
MKVToolNix

Description:
MKVToolNix 8.8.0

Version:
8.8.0

MD5:
913df5d8a6b2ae614c539659bb181a57

SHA-1:
ef2cc6fd696b41380773cc9ea7ac020d86d2155a

SHA-256:
8afa6831b0af757448c0f87807f3b14ec29116e4ad7d00c1d38bc49e1eb3f897

Scanner detections:
2 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/25/2024 3:25:58 PM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | Threat.Win.Reputation.IMP | 16.12.9.12

File size:
13.3 MB (13,946,338 bytes)

Product version:
8.8.0

Copyright:
Moritz Bunkus https://www.bunkus.org/videotools/mkvtoolnix/

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mkvtoolnix-64bit-8.8.0-setup.exe

File PE Metadata
Compilation timestamp:
12/11/2015 7:37:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:lOYQPyG7R0byZc8hk7CxmWW7rzfs6GhvB0:lwCb8k76xWA70

Entry address:
0x432F

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 03, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 04, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 04, 45, 00, 56, A3, 18, 7C, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 7B, 3C, 00, 00, A3, A0, 7C, 44, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 04, 45, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Entropy:
7.9918  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file mkvtoolnix-64bit-8.8.0-setup.exe has been seen being distributed by the following 48 URLs.
