setup_freevideoconverter.exe

Free Video Converter

Koyote-Lab Inc.

The application setup_freevideoconverter.exe, “Free Video Converter Install” by Koyote-Lab has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.flashfilescurrent.com and multiple other hosts. While running, it connects to the Internet address 94.31.0.25.IPYX-076665-ZYO.above.net on port 80 using the HTTP protocol.
Publisher:
Bandoo Media Inc  (signed by Koyote-Lab Inc.)

Product:
Free Video Converter

Description:
Free Video Converter Install

Version:
1.0.0.0

MD5:
e53c12fea64d623be51b98a22dcdbba1

SHA-1:
a5f13a76d2ab05d9dfde7658412af1643dd0e4df

SHA-256:
a9740aafe8582e08a9d1aed76a9d57fba90286a8e3b605979b276691c75839ca

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 12:18:08 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Searcher.2497
9.0.1.0354

ESET NOD32
Win32/Toolbar.SearchSuite
7.9171

MicroWorld eScan
Win32/Toolbar.SearchSuite
14.0.0.1062

Reason Heuristics
PUP.Installer.KoyoteLab.Y
14.3.1.10

File size:
496 KB (507,944 bytes)

Product version:
1.0.0.127769

Copyright:
Copyright (c) 2011

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_freevideoconverter.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/23/2012 1:00:00 AM

Valid to:
2/22/2014 12:59:59 AM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Q0aKjy7YQfYoyDTuj0nbEV9J25Havq8j+jIyG1wRgzj:Q0aKOccyDTE0nIV9J25H8+DgX

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file setup_freevideoconverter.exe has been seen being distributed by the following 6 URLs.

http://www.flashfilescurrent.com/UPFxMyF53DTf2RIVTP_0qiY1mESb4ybWbE0BkMj4i84E1o6WklA qNAzRa5tTiXsM_Y2EFksJPMDwWcRLgWmyTfhIjYLYDBdDhKr5DrxEXzPHxjfFS_qc7L7D_s 6YqvGzNUpGUAFDErGxsiWpIzyB79mnDOn1e 69E6md7sOVrtBhsgazBLUP0vofHIWEHvFQX7qHMX14ChF_Ssf0ZlKTfbwLpGotyh0hYWobPnSM13htKPIzqFuEcmsY22IgpOl3VNU4oyFg55Gziy l1yjSW7L9_ZOv20XTrXpeIMFdeABN4QYIhO9QlsJ2bMZD6Xo9Cef22hQpesdDTsBiQiBKCYGg284hZPB8cabdwbOgutBSxEdVlUZFOaz2oWa7oxLTR4SRBZuoarnZkgBD6btGfjc4K7xw0xaUHZbH6l0WcuehqwhsMxu7Aq0KZYUNqgZqOszzGZl3QffdG4otv9YoLsQFcxBZfBDvN3HcrNfvLJczjq_MH8EFf2eBS7LdpO9vVpWcqo-G2IAAGRwXmtvdmhTaOAlcMiBy60lEmgAFmGwMXaeEkFFXtd2CeLbU8uyUttoEOSb9V8v5mpycbtj_LLDYx_rz6t9p5usM0Kfvi8sAyFyvEbAYW2Y5EUZl0mYAw==-e

https://secure.innodl.com/.../koyote-free-video-converter.exe

http://www.universetourdownload.com/E9GAvCWfhRtRKRmTh1f6F6WHrTJ9FeuTcpAARyUjvB_EePal7PobyA159GCHrXMwfRBXu5xlu0YY5B_dWcVyFEB_zHJv7_vt11W6XjbrHkKbyRdSd4QaVKClAuLD1c1VJVAFzw0kCWtLJIRe5OLBiTuOy51muZXbTscDEyNQqaBAmQh0sJfpffoq6tqdPflxNNElAqr169L7jUny8xcynzVda6CdNA==-G2IAAGRwXmtrOJGpDggccuBya4kEGoBFGGyMnadEUGnPc70E8Y26eV7KsdEwYjws33JWUBPEDcf4rXZUvZV nCqky6X4Ez83rDZ9ySYbRIF4QKWSDM_SPEPxIg==

http://www.funapplicationscenter.com/c?x=F4V4YAQoDoEAeIVGi374qNXvZsIS a1yxgwG5U00V1s=&c=dL15obSnJaWZdkT vzzKtJ7AbFIs5sz6 dZFOwl0vFeTF2PBfTTNyXj oF2HmXWtdTW89SWJ5muAkNsLDDqjQbjuwooKTL1xJd8WVRSZFco0ZOyOYKKh1rqsfBRd99CmENU29gjcTM/yp3UfzlFDn5BKOsglyUrT1fr0P4jAVMY=&e=0&fallback_url=https://secure.inndl.com/.../koyote-free-video-converter.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 94.31.0.25.IPYX-076665-ZYO.above.net  (94.31.0.25:80)

TCP (HTTP):
Connects to 94.31.0.52.IPYX-076665-ZYO.above.net  (94.31.0.52:80)

TCP (HTTP):
Connects to 94.31.0.160.IPYX-076665-ZYO.above.net  (94.31.0.160:80)

Remove setup_freevideoconverter.exe - Powered by Reason Core Security