» videoconverter_v5.exe
Overview
Analysis
File Details
Downloads (1)

videoconverter_v5.exe

The application videoconverter_v5.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a setup program which is used to install the application. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from www.securefiledownload.com.

File name:

MD5:

333c98ace48dbf20d66e8d1161a9952c

SHA-1:

8e5c551785b19df4710b7c108db13864e6a31429

SHA-256:

1097762d7895dd5a4d31052234ead232ac4afeef806e6315104648b886db95ac

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:

11/17/2024 12:32:48 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.122.188

Bkav FE

W32.Clod722.Trojan

1.3.0.4613

Dr.Web

Trojan.Packed.2822

9.0.1.080

ESET NOD32

Win32/InstallCore.AZ (variant)

10.9232

F-Prot

W32/InstallCore.W.gen

v6.4.7.1.166

IKARUS anti.virus

SoftwareBundler

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.174.10679

McAfee

Artemis!333C98ACE48D

5600.6455

Microsoft Security Essentials

SoftwareBundler:Win32/DealPly

1.165.247.01

Norman

InstallCore.UMFM

11.20160320

Panda Antivirus

Suspicious file

16.03.20.10

Reason Heuristics

PUP.InstallCore.ENG (M)

16.3.20.10

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.16318

Sophos

Install Core Click run software

4.96

VIPRE Antivirus

InstallCore

24918

File size:

1.2 MB (1,254,616 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\videoconverter_v5.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:GBbhZEyx4yHQkv+P8BhSbs1sy7ufaTclQFDliPZqs9PqN96AgwAqjXci:CZEyx4ywkvw8Bhx+LfaUQlli99CN96k6

Entry address:

0xDA010

Entry point:

55, 8B, EC, 83, C4, F0, B8, E8, 24, 40, 00, E8, E9, DF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

885 KB (906,240 bytes)

The file videoconverter_v5.exe has been seen being distributed by the following URL.

http://www.securefiledownload.com/.../VideoConverter_v5.exe

Remove videoconverter_v5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.