» flvtoconvertersetupv0.4.0.exe
Overview
Analysis
File Details
Downloads (6)

flvtoconvertersetupv0.4.0.exe

Flvto Youtube Downloader

Hotger Corp.

The application flvtoconvertersetupv0.4.0.exe by Hotger has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.flvto.com and multiple other hosts.

File name:

Publisher:

Hotger (signed by Hotger Corp.)

Product:

Flvto Youtube Downloader

Version:

0.4.0

MD5:

99e24174502b172441088a7ab3e6232d

SHA-1:

a6b2f3821427d403b38d92597f086f5403cc8c13

Scanner detections:

7 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/26/2024 4:12:40 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clod627.Trojan

1.3.0.4613

Dr.Web

Adware.Downware.1429

9.0.1.078

ESET NOD32

Win32/InstallMonetizer.AN

8.9185

Malwarebytes

PUP.Optional.InstallMonetizer

v2014.03.19.09

Reason Heuristics

PUP.InstallMonetizer.Bundle (M)

16.3.10.15

Trend Micro House Call

TROJ_GEN.F47V1126

7.2.78

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

File size:

607.8 KB (622,376 bytes)

Product version:

0.4.0

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\flvto youtube downloader\flvtoconvertersetupv0.4.0.exe

Digital Signature

Signed by:

Hotger Corp.

Authority:

COMODO CA Limited

Valid from:

1/9/2013 8:00:00 AM

Valid to:

1/10/2014 7:59:59 AM

Subject:

CN=Hotger Corp., O=Hotger Corp., STREET=102 Anza st., L=San Francisco, S=CA, PostalCode=94118, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2CC98D1E7BA458DFCCCC0082EE510BD6

File PE Metadata

Compilation timestamp:

12/6/2009 6:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:rm7RasJpGveYC2xr4aonybbcCqGMXKrXWR7TSElzxZ9Ak6UoEYtgX:C78sJpGmY94a1bcHGMXKrGXxZ36U2tg

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.6857

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file flvtoconvertersetupv0.4.0.exe has been seen being distributed by the following 6 URLs.

http://www.flvto.com/.../

http://www.flvto.com/.../FYDPack.exe

http://www.flvto.com/.../

Remove flvtoconvertersetupv0.4.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.