wiseconvert_tsa26vk0u.exe

Wise Convert

GOLDBAR VENTURES LTD

The application wiseconvert_tsa26vk0u.exe, “Wise Convert Setup” by GOLDBAR VENTURES has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dde.de.saeaservices.com.
Publisher:
GOLDBAR VENTURES LTD  (signed and verified)

Product:
Wise Convert

Description:
Wise Convert Setup

MD5:
037b1005681664af42b08b1c14f398bc

SHA-1:
96af7d096ca4806b674a50c01af1f75c79e407e4

SHA-256:
a199c3bffbe0c10ecb358fe0e9ea5bcee9a208a1834460555e526252475d06ed

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 7:22:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GOLDBARV.Installer (M)

Engine version:
16.6.17.10

File size:
825.4 KB (845,176 bytes)

Product version:
1.9.10.1

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wiseconvert_tsa26vk0u.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/12/2014 2:00:00 AM

Valid to:
6/12/2015 1:59:59 AM

Subject:
CN=GOLDBAR VENTURES LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GOLDBAR VENTURES LTD, L=Rehovot, S=Center, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0CE9130B02BD1B2F538D9ADBA8977E08

File PE Metadata
Compilation timestamp:
7/9/2014 9:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:8xGQOMU178UlsDoCWLj+ESkb/xYrIamZZnap5dnU:BL8xHK+jOS9bfnU

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file wiseconvert_tsa26vk0u.exe has been seen being distributed by the following URL.
