anytogif_setup.exe

Any To GIF

zxt2007.com

The application anytogif_setup.exe, “Any To GIF Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from any-to-gif.en.softonic.com and multiple other hosts.

Publisher:
zxt2007.com

Product:
Any To GIF

Description:
Any To GIF Setup

Version:
1.0.4.0

MD5:
d7c4d6d92b6b58b6029abba4687ca036

SHA-1:
9a5b7cbc85d3fdc59ace1c9027d13e291296f613

SHA-256:
61031b9210bb1e79a3b62a909b0ee0048d215d1a24d77e126151f0f59196d27b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:04:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Downloader.zxt2007.Installer.Meta (M)

Engine version:
16.7.8.10

File size:
1.5 MB (1,575,132 bytes)

Product version:
1.0.4.0

Copyright:
Copyright 2013-2015 ZXT2007.com.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\anytogif_setup.exe

File PE Metadata
Compilation timestamp:
7/16/2015 3:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:txGtOnSFvdGsIPJP2HbjuD9VNydnxcMT93ozUHkqKRejZp0DIGbCHoJrfRaBB:mUSFFCPJP2HbjuD9nBxgKRwKMGeMRa7

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 34, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 1E, D8, FF, FF, E8, 6D, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 33, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 54, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file anytogif_setup.exe has been seen being distributed by the following 9 URLs.
