home

any_video_converter_free_6.0.8.exe

Software

International Data Group Poland S.A.

The application any_video_converter_free_6.0.8.exe, “Software Setup ” by International Data Group Poland S.A has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.quickfarmbundle.com. While running, it connects to the Internet address 6bb6e769.setaptr.net on port 80 using the HTTP protocol.
Publisher:
International Data Group Poland S.A.  (signed and verified)

Product:
Software

Description:
Software Setup

MD5:
1f2cc6d0122af6460191192983c8add9

SHA-1:
bd2161b18ea57f5b7d57a09def6eefe7ad9a8dc7

SHA-256:
0a68635d6843b2a5731e1a98186f65668fc87c32e76cd095e10af243780d4501

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 7:47:59 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.3.12

File size:
1.8 MB (1,840,288 bytes)

Product version:
3.2.2

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\any_video_converter_free_6.0.8.exe

Digital Signature
Signed by:
International Data Group Poland S.A.

Authority:
GlobalSign nv-sa

Valid from:
8/30/2016 3:21:17 AM

Valid to:
8/31/2017 3:21:17 AM

Subject:
CN=International Data Group Poland S.A., O=International Data Group Poland S.A., L=Warszawa, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
64A80379DAA3514FAED45E16

File PE Metadata
Compilation timestamp:
7/9/2014 12:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Entropy:
7.9601

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file any_video_converter_free_6.0.8.exe has been seen being distributed by the following URL.

http://www.quickfarmbundle.com/wvFWXZ3jrOstz6z1hexIZ 7Uts2aOVePAiqNqioPB1r1 QTuCsSH DnMorRAiO4ulAtA2L1EA9wQBkBmlExrfPMCLRp0 xFzVmvFizyOdsMcWXguiMTmsmSZZkxxo1Bc Xe6wfpOB9DfBZ_wMyokdBBwMv_Tc82soXqz62DD3pYrwvNdkJZ2a KUAXxtQOp1pq2Tc9nm2mKIdwxu9DSFu5 r843_MypFnOI Ckv9o6QVofrm5pfMxokYN4bB9knS7xTCmM0l5q5dHB4IcA1MYFXWKWC0j2qDmbS5FQKYWYI3kZPWlm6TFib3eoG5QRcMT4PWpS3riGpjCjAGpCIM_OusuD M__s3o7GGq5M_bL3vbS8dpW0TvVPUDnMZFejObDCdbmaGOOErr3cq1QP_DnVTBPkOGcCTRZ_ZA4TOy8NJHi1CZXrjMkkfXKkOsz3DsvZ_IYbJlKMxQ_6fv0PbekFGa3g4pvC9xUfe 02rLc7NXdA3K9kZt gww1Toqe4af2uVGA8yhiLOScskFfkYcZc4beQxVNDP3kt4tXQNWssWauY09wyZLBzQ6rwJn78UlEKd1gS6bHDOkYR2bed0cYDav4ROIVuJSgBmkTyOWl3I6Wr 6PP2fiK_WlYBU0p6oFxSTQK9Rl RPfEC7xpTGexdBKJkA==-Gy4AAAR0YzHtsR95NRhEwSEH7N_CKLAHG2PnCI4iyhtT_t0PLJNbJprewlS5AA==

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 6bb6e769.setaptr.net  (107.182.231.105:80)

TCP (HTTP):
Connects to ec2-52-50-196-247.eu-west-1.compute.amazonaws.com  (52.50.196.247:80)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to 50.115.122.45.static.westdc.net  (50.115.122.45:80)

Remove any_video_converter_free_6.0.8.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.