movietogif_setup.exe

Movie To GIF

Ye Yizhou

The application movietogif_setup.exe, “Movie To GIF Setup” by Ye Yizhou, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen downloaded from en.softonic.com and multiple other hosts.
Publisher:
zxt2007.com (signed by Ye Yizhou)

Product:
Movie To GIF

Description:
Movie To GIF Setup

Version:
1.2.4.0

MD5:
7e8829b2c1f89291d6385e967d665903

SHA-1:
bfb9e98910a6e404da68a3827e2de8972cdeaa0b

SHA-256:
9d247be1ea16f4b5a16790f228b6df26c507433e464024374c2243d7a1dfa083

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 12:54:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Bundler.YeYizhou.Installer.Meta (M)

Engine version:
16.7.8.10

File size:
6.7 MB (6,999,392 bytes)

Product version:
1.2.4.0

Copyright:
Copyright 2015 ZXT2007.com.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\movietogif_setup.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/7/2015 8:30:33 AM

Valid to:
9/7/2016 8:30:33 AM

Subject:
CN=Ye Yizhou, L=Longyou, S=Zhejiang, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
304E7576E2082A9B6E87C0FFCC4B397C

File PE Metadata
Compilation timestamp:
7/16/2015 6:54:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:l5QzkB5Rw2tQbfmIc75V9ulSeWmOfuIRzKqb:HQOjw22bfSdulSessk

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 34, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 1E, D8, FF, FF, E8, 6D, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 33, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 54, 86...
 

Entropy:
7.9954

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file movietogif_setup.exe has been seen being distributed by the following 13 URLs.
