amrtomp3converter_setup.exe

AMR to MP3 Converter

www.amrtomp3converter.com

The executable amrtomp3converter_setup.exe, “AMR to MP3 Converter Setup”, has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from amr-to-mp3-converter.en.softonic.com.
Publisher:
www.amrtomp3converter.com

Product:
AMR to MP3 Converter

Description:
AMR to MP3 Converter Setup

MD5:
279dfc721212b786aae3f2ccaebe804f

SHA-1:
7cd089bee93cd23bd82505fd1e35b0ce6075816b

SHA-256:
924961526d30e425b6f783c25ff4517d263471d082212e6eb4d911608a63cef8

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 8:25:25 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Sality | 160215-2
AVG | Win32/Sality | 2015.0.4530
Dr.Web | Win32.Sector.30 | 9.0.1.05190
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.15.21
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.215.2325.0
Norman | Win32.Sality.3 | 29.02.2016 05:46:54
VIPRE Antivirus | Threat.4758034 | 47848

File size:
4.2 MB (4,390,178 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\amrtomp3converter_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:c3PAfD2zWY6J+ea0YCJgXxTjzdgbHnb4iB9rcxl/1Wd1Zg:nfKzNFxCuBTfSbHnb4ibcb/1WXg

Entry address:
0x9B60

Entry point:
0F, CA, 69, C8, EA, 16, 55, 64, FF, C2, 0F, BF, DF, 8D, 3D, E3, 34, 29, 7C, 81, F9, DF, 75, 00, 00, 68, 1C, 59, 1D, 00, 53, C7, C1, FA, 8E, 1D, 2A, 8D, 2D, 44, 97, 46, 46, 4E, E8, 9B, 00, 00, 00, 72, 07, 3D, 69, A3, E3, 5F, FE, C9, 12, CF, 81, FF, 33, 5F, 00, 00, 71, 09, 14, 88, 0F, B6, E8, F7, DD, B5, 87, 57, B7, 15, 5B, 71, 0C, 8D, 05, 15, 3E, A5, 72, 81, DD, EB, F8, 5F, 5C, 53, 70, 08, 8B, EA, 69, CF, E6, F8, 25, 0C, 5E, 69, DB, 25, 23, 8A, 2F, 69, EF, 88, D9, 31, 79, 74, 03, B4, 7B, 41, 80, FC, 3B, B0...

Entropy:
7.9985 (probably packed)

Code size:
37 KB (37,888 bytes)

The file amrtomp3converter_setup.exe has been seen being distributed by the following URL.
