Free3GPConverterSetup-r0 -n-bi.exe

Free mp3 Wma Converter

Koyote-Lab Inc.

The application Free3GPConverterSetup-r0 -n-bi.exe, “Free mp3 Wma Converter Install” by Koyote-Lab, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from downloadcentral.no and multiple other hosts.

Publisher:
Koyote-Lab Inc  (signed by Koyote-Lab Inc.)

Product:
Free mp3 Wma Converter

Description:
Free mp3 Wma Converter Install

Version:
1.0.0.129246

MD5:
e54ca597bebb40fb6591e52c2c666a64

SHA-1:
f61aa079e9019021bcdf7baaed0ad92680ac1d33

SHA-256:
234afe6ac8a6478da4199f0f25a290bfd41e4df8090206c6f5c480d2d69abc1f

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:48:53 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clod33d.Trojan | 1.3.0.4613 |
| Boost by Reason | Adware.Installer.KoyoteLab.EE | 2013.8.28.22 |
| Dr.Web | Adware.Downware.942 | 9.0.1.0240 |
| Malwarebytes | PUP.Optional.Koyote.A | v2013.12.29.06 |
| NANO AntiVirus | Trojan.Win32.Downware.crewao | 0.28.0.57029 |
| Reason Heuristics | PUP.Installer.KoyoteLab.EE | 14.3.1.0 |
| Rising Antivirus | PE:Trojan.Dropper!6.1BE | 23.00.65.131210 |
| Trend Micro House Call | TROJ_GEN.F47V0717 | 7.2.240 |

File size:
1.1 MB (1,167,368 bytes)

Product version:
1.0.0.129246

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\free3gpconvertersetup-r0 -n-bi.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/22/2012 4:00:00 PM

Valid to:
2/21/2014 3:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 1:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:r9TAflsmxFo8xhDGr/y3V3zrYv9EW404R0MfUVRUtKc:BYBF3xha/u3zG9EWgR062Qz

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 
Entropy:
7.9834

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file Free3GPConverterSetup-r0 -n-bi.exe has been observed being distributed from the following 19 URLs.

http://downloadcentral.no/manuel_load/multimedia/konvertere/.../1395
