setup.exe

Media converter

Conversionads

The application setup.exe, “Media converter Setup ” by Conversionads has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from download.freemp4converter.info and multiple other hosts.
Publisher:
Conversionads  (signed and verified)

Product:
Media converter

Description:
Media converter Setup

MD5:
6e069a58f8497f4bf40dabf87cbde886

SHA-1:
d7cc0cb0fc151535a7a189416e6e431afabc8ba8

SHA-256:
242767708154ad3c169ab40d78e677b061567104489a20e5fff252bc998fc1ca

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 11:38:03 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.NNP
911

Avira AntiVirus
Adware/PlayBrute.A
7.11.102.82

avast!
Win32:Crossrider-C [PUP]
2014.9-140807

AVG
Agent.F
2015.0.3508

Bkav FE
W32.Clod7ef.Trojan
1.3.0.4562

Comodo Security
ApplicUnwnt
16928

Dr.Web
Adware.Downware.646
9.0.1.0219

Emsisoft Anti-Malware
Trojan.Win32.OutBrowse.AMN
8.14.08.07.11

ESET NOD32
Win32/Toolbar.Zugo
8.9622

Fortinet FortiGate
W32/OutBrowse.C
8/7/2014

F-Prot
W32/AddLyrics.A
v6.4.7.1.166

F-Secure
Adware.Agent.NNP
11.2014-07-08_5

G Data
NSIS:AddLyrics-G
14.8.22

K7 AntiVirus
Unwanted-Program
13.176.11623

McAfee
Artemis!6E069A58F849
5600.7164

MicroWorld eScan
Adware.Agent.NNP
15.0.0.657

NANO AntiVirus
Trojan.Win32.Plugin.crbipj
0.28.0.59492

Norman
Downloader
11.20140807

Reason Heuristics
PUP.Installer.Conversionads.F
14.8.7.23

Sophos
Conversion Ads
4.98

Trend Micro House Call
TROJ_GEN.RCBH1AF
7.2.219

Trend Micro
TROJ_SPNR.0CB713
10.465.07

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.20.2

VIPRE Antivirus
Trojan.Win32.Generic
23710

File size:
26.7 MB (27,972,888 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/29/2012 8:00:00 PM

Valid to:
5/30/2013 7:59:59 PM

Subject:
CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:OLd7lgXXkSj9GwbufCqzf1L97+90K6WuKHu5Xk2:0BIj9GwbT0dL9K90KNHuN

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
[+]

Entropy:
8.0000

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file setup.exe has been seen being distributed by the following 3 URLs.

Remove setup.exe - Powered by Reason Core Security