uvconverter.exe

Copyright (C) 2016

The application uvconverter.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a Windows service named “Convxxxx”. While running, it connects to the Internet address server-52-85-83-208.lax1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Copyright (C) 2016

Product:
Copyright (C) 2016

Version:
1.0.0.1

MD5:
58091ce3f6a5c663bd1291dc46942239

SHA-1:
9f11cbed695bf3b7de49152cfa5e4bf54bcd52db

SHA-256:
78122f9b710c7329e3644bc0db4ccf9a03183bc87696d7cda15dc30507a314f1

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 3:49:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.1690496 | 32 |
| AegisLab AV Signature | Adware.W32.Agent!c | 2.1.4+ |
| Avira AntiVirus | ADWARE/ELEX.dsmwg | 8.3.3.4 |
| Arcabit | Application.Generic.D19CB80 | 1.0.0.792 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-170103 |
| AVG | Generic7 | 2018.0.2510 |
| Bitdefender | Application.Generic.1690496 | 1.0.20.15 |
| Bkav FE | W32.eHeur.Malware08 | 1.3.0.8455 |
| ESET NOD32 | Win32/Adware.ELEX.BY application | 6.3.12010.0 |
| F-Secure | Application.Generic.1690496 | 11.2017-03-01_3 |
| G Data | Application.Generic.1690496 | 17.1.25 |
| K7 AntiVirus | Adware | 13.246.21924 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent.xxdcfy | 14.0.0.-956 |
| McAfee | RDN/Generic PUP.x | 5600.6166 |
| MicroWorld eScan | Application.Generic.1690496 | 18.0.0.9 |

File size:
387.5 KB (396,800 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2016

Original file name:
UvC

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\adgjd\uvconverter.exe

File PE Metadata
Compilation timestamp:
12/27/2016 6:03:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

Entry address:
0x27798


Entropy:
6.1175

Code size:
270.5 KB (276,992 bytes)

Service
Display name:
Convxxxx

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

