» setup_freeflvconverter.exe
Overview
Analysis
File Details
Downloads (15)
Network (1)

setup_freeflvconverter.exe

Free FLV Converter

Bandoo Media Inc

The application setup_freeflvconverter.exe, “Free FLV Converter Install” by Bandoo Media Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts. While running, it connects to the Internet address 94.31.0.25.IPYX-076665-ZYO.above.net on port 80 using the HTTP protocol.

File name:

Publisher:

Bandoo Media Inc (signed and verified)

Product:

Free FLV Converter

Description:

Free FLV Converter Install

Version:

1.0.0.0

MD5:

d0f93229b937fae99d81e463bb7a463d

SHA-1:

be6df413f8e7d87a7b5dad15fdded148edab56d0

SHA-256:

21f4b1c8705c3a6a251ac5364b8ca577e379bcde946042267f5a10f276eea04f

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

May bundle additional software offers in the setup installer included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:

11/23/2024 12:21:04 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Bandoo.1

9.0.1.0113

ESET NOD32

Win32/Toolbar.SearchSuite

8.9707

Reason Heuristics

PUP.Optional.Installer.W

14.4.23.11

File size:

437.9 KB (448,448 bytes)

Product version:

1.0.0.119698

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup_freeflvconverter.exe

Digital Signature

Signed by:

Bandoo Media Inc

Authority:

Thawte, Inc.

Valid from:

10/6/2010 2:00:00 AM

Valid to:

10/6/2012 1:59:59 AM

Subject:

CN=Bandoo Media Inc, O=Bandoo Media Inc, L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5915CD3A113B9B2AE7B497DDDFCDF8F5

File PE Metadata

Compilation timestamp:

4/10/2010 2:19:23 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:G0alZy7YQfYo4XDLXsLNDr2WHT/q2ErRBFLPTycLtsyx:G0alIcc4XDLXWf2am2ELFDTycLts2

Entry address:

0x33E9

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file setup_freeflvconverter.exe has been seen being distributed by the following 15 URLs.

http://dw.uptodown.com/dwn/fBnvUtfyOuVP5TMZfnuVaU4_GINEFW_fq7gBTb9629Ux7DOoPeI_8YRXaPPcDBcb8Gd5pY_QL0mLEpuNnJ2IhOgW7iK5yoAE1B9jgv5R1G6r-mvUpZgZZYLCc3P3aikA/r3g0KZPcikX7k9eIp07yGpshv2Iv7ZfZHQC3a7x40X-n1Uaq3vXiw8RGvQJYn76GsQZtZ7Z6ZQ2TCJe9-BlyTpLRL1-AjIG2yxZAlUDeQbPNr1gwzPlWXCqzH0tIOfDb/ykn8xH2idRzz2vwsfD19XAhbnuaQ1O1LaI405LWXRYkW9hmWVcRxGe6kV0wD6yw6NixldFLKZmL2xEDB3Z6Rj0LR4u6loexZinXnszyB4j8hDDBqW5yHd0yY3enVqJ9d/.../

http://dw.uptodown.com/dwn/pmyVNEpWTufFbsTCbj6uKQ6aYvgxV8oplyR87MPNdK72Kwp0ld47RPFoYIvk-KLmEdPTv4Wnp5tC_kV8x58wDC1_M-7unraAEpxta4jRJhyENDk5OA-nrwsfvzFADm6o/rA2BBNX2lEP0U9lo-aT_BSIV5kuAul8xxvknDREwVL9AuJfIQLd6WtmK2TULJxLRJ_fYWzQt9EvDcTfIcIvpGS5QIzJeKYO_yuqjXhl2xm0WONOYNRlEfB7SFtyCEVBJ/f4EhuKSAOE3wBv8dxsn2GnAKM4rTAXlMtMgeyvZTzKfL6g4fAkK4mAOkZIveiUh26SQiuEdoeydAYtluuIGpcPZho5I2tzSPpRmIa2O8COi_gZ5pGBW7B5B5YYNL--8e/.../

https://dw.uptodown.com/dwn/m4G0t7BBrTNijsB9Zr-bMza2KQ10KI3Vt35GM9RU6tn68ZkwGN0SE0SQEY2eBDjbbiECazHgli-VLDdYhy-Py_V8y4527msD_GxpeTsWWSNjFodMInRJ6XeSuL_kVmDH/AOpPWKFtemwFCPXt40EZ_rfxpjvYTM88QhBmddlzUPnhyGER_VFfw8uKw8kXk_roDQvFXucr30qxqfK-ocrYL9uZ6RCzRzH9JwiUtrCQ9ihR15I1oaKWPNS5rJiuqNsz/HOEOxy8iWlW1PvczD2uJaTw_6kI93c059m_CIL-Z336rns69DJQBx0mMuuUT7KdGr7FWBRu2OyLcyGyFHaWkgxHgy1CMHT8XQuEN2l2yTAHM7aoV4eJpxXd02P84mPwd/.../

http://dw.uptodown.com/dwn/yCEG1IXCbNaBqpwiNw5ubvdEh58KpaTcs0x_Q5H3p9I98SlC6f4VtwT6y3si3F1IHIydnO_sw_5nrjsqYC7vzVBvBQwDJm8RnEy6RusBk2Rl70XbH40K5V8Za2BUR7xv/dvhv2VEMpkon_hRdkpdwezIF6rutVVP7I1QqopfLLfIwb0WRM6A8JluwCrMUnQsJt7GWS6ghwvKICEcfenLtCtc2Xrm3JoG9nPdPvuXwG2d4o_MnHPoE0TXkHaqK_GHa/5qU7DPZN2FAKPLuPKw8kQf4UC_Er4Tw1vPosX9I4vVr9xPzQNS-qKgvWQgcIZcDNxYJRb6D4_jJ71dpyOnPq_AYP1u3vbZ_Wy_mLmYqS_lERfSXfzvyqe2JEO6dHOLm6/.../

http://dw.uptodown.com/dwn/lfgG-eEsBoAmnZ08u2Nzx72pebvkWW5EgBQogRJTffXS54LuZ1-qkcI2-g1u6LDAYkTGuKRu-cVDVcy9nrzIdGtmA_IwO488q3OYDSSZGOtbDeogl5K9Q5O6z6sHsXsQ/8GzKsc4TEa9ql-EqDWEGDrwrrSnhsp_Nafx6m2naPlywxeDBZErJ7WG5CI4OWHm5GJp5lyecURRPOmgIPBMmKdO5qHY_kohRBVtv2tQw76NGDbBUawbQwxA5qjzp-EsD/V9d9MGwGrZkcfKeEtbPQ7-_2kIrZyKPEamUcslQFHTzryMX6Heea2vHjh3HxtB0DqfRrKdSKF0jOlt_RHovI2Lkl2v_rtB8P3YDPbh0INLjd8knaL_BZ5ljjauDu8MDc/.../

https://dw.uptodown.com/dwn/TS-xvAOZ7hFx_eUhV4x_sVqb7UvbKCIYryaohnqwQt8dTUR15c61XKA5xuM-vdsYk0Fa-OiFULjDCQEmZcGQROGT9_xvsbG8w4_fYwHXQstVXMAQnk-AuCv2DYBdPE2E/qhuPjxjEM5M3yZn9zX3zGKRCzYfLsOfyT7KryESbTFO-CrpRqIu_v8hcNltWgBFuA-wZWx6a7AVD-BWfkpGNJQp8vCrbFNYzhk7Wlr2eJEYqVf6T6pnVOGXNnGythLjd/XJXiH8GxB7aIqGEBnnjqhh7YnoqG71tgBVPpqpy7--izkoVpO_mLYIaU73OfV61zQrjX6AToKRhEKE5iEAZ9q5ro0w8ztcqmEa_kyofJcrIVQFVxhIzFzz9o5JjYVoaH/.../

http://dw.uptodown.com/dwn/pNOCcqbdBepe77ggJdO9Xq-Qcm4QyPopUUqu6sWjeWQGF7_RrVkOzE1WaGbgR7bQv4v00KkKNLd-r7VSseri_XQiDP-CkCArMGwxafAzFwz0I7LdGSZpzFmY6WyzoIy6/fy1YrgjrdKX4Cy5XPdDmBYZKIDABcdnwH7UBcTy8rKR3c4NSKYV4pKlHiLa86JKUkVc6oFaB6rZDf0TsAoUOM5oiTM6ROqD1gYAEleYBNI4G0wsEAZL1aOZ7G31zgBa6/pUzwUrSHOfSGrhKhUuxAj8NuaAI0OwY8HMrtzsit2m3ahXEzbEU3crDSfyIVCmiFzg9zZ-jPRHeG1PB3eBnkMKJQMvJkw6stQxJrZfE5ErHPjyCtcJoUljtdFHaS0mwk/.../

http://dw.uptodown.com/dwn/f4D-zjZdc7ImCZHBhmFnphd6IkQz5jt0Fu6huAYEubB7Cmje8rEt7YMPrekHcqeIVVRh1OOn67Ql2KnEZssKRjK9wmz3lwN_qxfh2jd0Lod0D-jJc_4WsZH53a8ZlmX9/66po_LVIobKoi1lHmXZdWfKI6kVL8O2sC43M2Taf-fh8ObzLNnnT1IN2apkU6J3noqmsABL7FXi7p3QK8ZKuImJed-0bHRbB__OUNLmr5tyuRQk6rn1-WHBRF3T8yuxj/ZLDFVxABm7hmNmeSXUCA5nZW58mcIKCaVJjqFv1xaPAbyKJD5BjGkZu0qKmaGg6O9mmAd5peHVz6F3vykTu8yn9nm8IrzMGyJmEkX0Zw09igfU7InP_9rLbFzvHXIOEP/.../

https://dw.uptodown.com/dwn/AuVB4hFy-Rc_sWLI_XMjiAZE1PvAu-P8JVR4LFz6LLYPEWkK9DvNzlGTIztqr9m2O9rQnRh6epTtObmsAM-o_2t6pRbKGbiWLlHH4m8zczEMVxIK_G1Pc1zpyCEohm7I/-F6PM5v0Td-ivZxRjGSsQ8_uicZwXiaoddone9M48clE9Uk14RW81CSRqHyie9cbA5LCq5hxFRPPeSHtNNKJnueumpGeAShdv-R_u8iTaJxHagyUPc3J8J0fy4f1WHvZ/3GXQ0p-A-bWAAB3LB5qfGo9JzZ_jX4TBpa_dv2mU5yjVbUZI5HnjQu7a8XKjQvq11IzV_XO0Osu0rEztL3ae8nI0F8XFogkuDy-ylJ-vZoZzpSTo4MJyg2_eG-VExcT5/.../

http://dw.uptodown.com/dwn/kL_ieuJ7RKyCmSzwX7GHyi8_yqXK5xdErqWQ7-h-zBF1-aYKn3Kol-LrZH_NYiZW-DghS0MHc-88Q1twSCnn-_PvlsOuZf3uxKCtpZSpz0ziP3dhULMCzuU9m4HCdoMw/gIjhpG8IQW8ELlaLv1hIYHBm33fHupUAHOyceva5RcH_QESwqoxu0_D2sRPpt832wp3ZnOjVQ1AoFeAUMXRXPxcnTJtY9NbzYpB6qEYs7g-_goA5ZNeZalo-Q8tSvtQc/6mW1uuMS-xvwnTa3yPw8E1MGRx6QzX8rZFhTD4C4DJgCcvAXFalcEo6K5d-clah_Z04_TE40n52S5M65Z-l2JaD87DFdHD_sjyrMsAgETEEC-8Se3G67Iy95A5qrTI40/.../

https://dw.uptodown.com/dwn/MJxwtLQKjpwAhhRthGvKcLaPG6tasabehHaZyDs-7q-KGZtV48a2TQSBiAX2dV-yVKfUAZmi8kReNspQ0zMvzu3egHER2IBxARRLgedfIybmVQweT13wsR3Xacl_Jmme/8Aj6Q4-405wCnHAnrhtFhf2KafYdvr0KYX-jzZQ4XXgzijbctFtPYKLIA793eIVDdgG1yIE9yBG6wDym9Js1G-YC0u3lLpTjk25mw2Ush6pB1tMjlPMjHQ6kF60hId-Y/ucq9i9kgtDyN0aX0OwQd5v876TDIK50z6Jev8wVHdzK-8KGYRPrW6sdmHaU2xPY4EKn3IzxkC_u9Nhd1z6oYILeMFYI7Xc3kq1rqWWZPy8vt7hwBZgnohFi8QUrWXBYm/.../

http://dw.uptodown.com/dwn/sCZTdhfGvx7SOfO6NLRokqIeTPXSqS3Qnvft7eyGoprdz729wKz0QGKA5QNGlXl1BgNf6jcYvI0rVLuTTNmt-nTY0xbEklSK_ZIpbd06arYIQEH7q9AkkAuojMTrXQKR/hwMfybSjCDyD7joRKHHdbTBlePRQ7Rnz057nZXFGUkhOiGMGL994iHFoOp95tGW9PkA3J-_ws8GYhuPd3mjKyTtclnDZRHFNc_vi9-A06VF9Be3VJLwvTUY_G4Kqw6WS/Tia2VuM0eSVoR8j3S_sBWMs69jVABrMOX9ioVW3GIBUxLVgwzWQkeAx-Kt_ZkTPcqZtRjHyfD1EwOycdGZ0blYuPji7I25gOl_WnwJQXvaGYJdHm2_sEWpybMZX39JJe/.../

http://dw.uptodown.com/dwn/bSV-eb820cAoUiw2_seOb_i7R-7N7FirowuJvr6M5wG-UK-KUeMPPLs8VBrG5CrHhuEkU9pKTJthBNlLn6JXUk6UnMRDVFHYgmMyGSq8WXC_W6aLlPlzcY6mAryO_26t/kGOK-gvQxiBMIZa1E-0H3wWpjGaHleMsMiSFZ9SMHO4Dw4daniHqT0MQlVqCLsD3JHZkcGULVN8cihShV6YFdvurVorifTUig_GOQEmWQJAPkFSDKNV-h2ym-ztRGpoy/W2wGh3Vqbr-F9ZLhN-xh48FzDBc50N3s3TadBV0dbVIs_a0LGjd15WmdaInZFRDzc-zjoOULVt2vcSj07QxxhVvPPSBguBMmK1DDcOt4QQ2zIaNIEYwa98ajhwUymkJU/.../

http://dw13.uptodown.com/dwn/P7OUKxY3-8rDwMm00Y4GYWoXHPpvxjArxAyaBhvpeAsS-i6xkBDrcXsB1hMwEfb2Vyujzhl2BC9IfvcxBpicj-1FVGEcxBZJtayhuMrT4rUgA7O_XlUzgk5PscEQSMIB/VqzBUdu3XbAG2KRiMRF4FmmzbqLZpleTftXi8aeD_bvBp48F7syZoOWqXEphiySBZVGXUEI0JRYTUrqUZnpUc5myxqzZEMuEszmwusbLvY5JeUGbulUy9-iR3u6oQdEL/_d8-blEz2lSOj02Ymg1ErpPgzW3waFFv6ltTEP3BtCymsNEMyxAydb-IDnOBr-z6QZAZuspHKBuDHP2yX8jo1IDZcjWyQg4lC3QkwT_PQWmEA9n0WVIo0mHQCm5-BZPd/.../free-flv-converter-7-3-0-es-en-br-fr-de-it-cn-jp-win.exe

http://download.cdn.koyotesoft.com/r/cdn/.../Setup_FreeFlvConverter.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 94.31.0.25.IPYX-076665-ZYO.above.net (94.31.0.25:80)

Remove setup_freeflvconverter.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.