home

convertad.exe

The application convertad.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. While running, it connects to the Internet address dl21.clickmein.com on port 80 using the HTTP protocol.
Version:
1.0.0.1

MD5:
a8088200bda16f0a6b28b6ac6a4d212e

SHA-1:
bec6a6999d26dd5d94a8ad2d0718dc9915bc0d7c

SHA-256:
54b7f9d09650d06a9125e866f2670e972d234aa48d0e893c6d6a1a72ac3d56d5

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 8:43:34 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Dropper-gen [Drp]
2014.9-150707

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.177474
8.15.07.07.03

ESET NOD32
Win32/Adware.ConvertAd.AA (variant)
9.11689

F-Secure
Gen:Variant.Adware.Graftor
11.2015-07-07_3

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.ConvertAd.Meta
15.5.12.23

Sophos
ConvertAd
4.98

File size:
1.7 MB (1,777,152 bytes)

Product version:
1.0.0.1

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\convertad\convertad.exe

File PE Metadata
Compilation timestamp:
2/9/2015 1:20:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:G6XsQUbyORk3Do/pJtPBcqYTL3pu8n5hbO7CmjBfxyBsLJpR7c:zLUbTk8/9PBcqkL3pu8nyuifxyBsL1

Entry address:
0x10F88B

Entry point:
E8, A8, 73, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, 2D, 58, 00, 75, 02, F3, C3, E9, 2F, 74, 00, 00, 8B, 41, 04, 85, C0, 75, 05, B8, F0, C8, 55, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, F8, 0D, 00, 00, 8D, 70, 01, 56, E8, 89, 34, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, F5, 74, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D, C2, 04, 00, 8B, FF, 56, 8B, F1, 80, 7E, 08, 00, 74, 09, FF, 76, 04, E8, EA, 34, 00, 00, 59, 83, 66, 04, 00, C6, 46...
 
[+]

Code size:
1.2 MB (1,263,616 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to dl21.clickmein.com  (216.227.128.186:80)

Remove convertad.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.