videopad.exe

VideoPad

NCH Software

The application videopad.exe, “VideoPad Video Editor” has been detected as a potentially unwanted program by 5 anti-malware scanners. While running, it connects to the Internet address advanced1062.inmotionhosting.com on port 80 using the HTTP protocol.
Publisher:
NCH Software

Product:
VideoPad

Description:
VideoPad Video Editor

Version:
3.12+

MD5:
bcd6d5b74a6faad655f6d61fca7a0a1a

SHA-1:
b40a1cd52c05c7eedb75c7f7bd837b713b495270

SHA-256:
04456ecaa068fe032a333e97c35b9e0e2547f6c332a9dd6d9ba5791daf6de33f

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 7:03:54 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Google
4.0.3.14225

Bkav FE
HW32.CDB
1.3.0.4924

ESET NOD32
Win32/Bundled.Toolbar.Google (variant)
8.9421

Trend Micro House Call
TROJ_GEN.F47V0902
7.2.56

VIPRE Antivirus
Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X
26446

File size:
2.9 MB (3,037,240 bytes)

Copyright:
NCH Software

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\Program Files\nch software\videopad.exe

File PE Metadata
Compilation timestamp:
8/26/2013 11:21:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hBPrZL/2ZhQBUQEDkRzmZu2FSZ2rqMf+H7OOqTXz0ljdwc7u/c5:NL+/WUQmkRi32s+Hvq0/w05

Entry address:
0x19344

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, DC, 0B, 78, 00, 36, BF, C7, DE, 6C, AA, 7C, DF, 35, 71, 84, 90, 8E, BB, F6, B4, DB, EE, 9C, 88, 0A, A7, 65, 1B, 2F, 2B, 0A, A8, 92, A1, 48, DB, 70, 8B, FC, EA, 68, 32, 4F, BD, 8D, 73, ED, 51, 1B, 58, 52, F0, 92, 00, 81, AF, B6, 17, 22, 87, 48, 9B, C0, 4D, 8B, 80, 99, 30, 43, F5, 9D, D3, 1D, 76, FB, 16, 78, 51, C3, 88, 0C, E8, 71, A0, 99, FF, 47, 97, 3C, 44, 2E, B9, CB, 9D, 59, 83, 10, 22, 61, C8, 08, 6A, 53, 96...
 
[+]

Entropy:
7.8430

Developed / compiled with:
Microsoft Visual C++

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to advanced1062.inmotionhosting.com  (173.247.250.125:80)

Remove videopad.exe - Powered by Reason Core Security