dvdtoiso_setup.exe

Free DVD to ISO Converter

Rspark LLC

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application dvdtoiso_setup.exe, “Free DVD to ISO Converter Setup” by Rspark, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the OutBrowse Revenyou installer. The file has been seen being downloaded from mediafreeware.com.
Publisher:
Media Freeware   (signed by Rspark LLC)

Product:
Free DVD to ISO Converter

Description:
Free DVD to ISO Converter Setup

MD5:
7c6d78b34933c53f77bae36804a71e13

SHA-1:
61391de34778b08c9c3d17db577169ac911fccf6

SHA-256:
e3e4b7d169d4831576f590128931ed5a41adb84088baba383d5233856716f46f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
9/26/2017 8:27:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.Rspark.O

Engine version:
14.9.30.13

File size:
576.9 KB (590,784 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dvdtoiso_setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/24/2013 4:00:00 PM

Valid to:
1/26/2015 4:00:00 AM

Subject:
CN=Rspark LLC, O=Rspark LLC, L=Seattle, S=Washington, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0969FC9F3451C04483AE5CCEADE9FC13

File PE Metadata
Compilation timestamp:
10/13/2013 1:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:9SxG0t888888888888W88888888888bWbiTMmwvd5f696fCpwTwNTAC2u7OwHt4S:QxG0wLHmUoDA3b/zud

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
7.7831

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file dvdtoiso_setup.exe has been seen being distributed by the following URL.
