Setup.exe

Free Video Converter

Koyote-Lab Inc.

The file Setup.exe, “Free Video Converter Install” by Koyote-Lab, has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from download.koyotesoft.com and multiple other hosts.
Publisher:
Koyote-Lab Inc  (signed by Koyote-Lab Inc.)

Product:
Free Video Converter

Description:
Free Video Converter Install

Version:
1.0.0.134486

MD5:
1c7f91a0989cad776f269e04fd029185

SHA-1:
3f03e8984e7c813b353f7bd14f834c470b9a9b9d

SHA-256:
2beba39159cf2cc27acdb23551f62a1d63d5dec8b54a1b448fee7cf5602e46b3

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:50:49 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | Adware/SeaSuite.ona | 7.11.187.160
AVG | SearchSuite | 2015.0.3285
Baidu Antivirus | Adware.Win32.SearchSuite | 4.0.3.141120
Clam AntiVirus | Win.Adware.Searchsuite-3 | 0.98/21511
Dr.Web | Adware.Downware.964 | 9.0.1.0324
ESET NOD32 | Win32/KoyoteLab (variant) | 8.10752
Fortinet FortiGate | Riskware/KoyoteLab | 11/20/2014
G Data | Win32.Application.KoyoteLab | 14.11.24
K7 AntiVirus | Unwanted-Program | 13.185.14071
Malwarebytes | PUP.Optional.Koyote.A | v2014.11.20.12
McAfee | Artemis!1C7F91A0989C | 5600.6941
Reason Heuristics | PUP.Installer.KoyoteLab.CC | 14.11.20.0
Sophos | SearchSuite | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1118 | 7.2.324

File size:
1.5 MB (1,527,160 bytes)

Product version:
1.0.0.134486

Copyright:
Copyright (c) 2014

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/12/2014 5:30:00 AM

Valid to:
2/22/2016 5:29:59 AM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
05787E08EB7454E434F666A81F251A2D

File PE Metadata
Compilation timestamp:
5/30/2013 1:39:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:rJjHFk0zp7jJ5BFVnrqnYS8WU2nyElY5zvVJlZ/pS3yIlUyQ:1F5BrBFNrGYS8WU2LY5jVJllpS/UyQ

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 

Entropy:
7.9893

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file Setup.exe has been seen being distributed by the following 3 URLs.

http://download.koyotesoft.com/FreeVideoConverterSetup.exe
