home

freedvdtoavimp4wmvmpeg3gpflvconverter.exe

Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter

Tsingsoft Imagination Information Technology Co., Ltd

The software installer may bundle adware as well as other potentially unwanted software using a download manager/installer from ClientConnect or OpenCandy. The application freedvdtoavimp4wmvmpeg3gpflvconverter.exe, “Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter Setup ” by Tsingsoft Imagination Information Technology Co. has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
FreeAudioVideoSoftTech, Inc.   (signed by Tsingsoft Imagination Information Technology Co., Ltd)

Product:
Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter

Description:
Free DVD to AVI MP4 WMV MPEG 3GP FLV Converter Setup

MD5:
73e7eb12bfcb7199cae12d4246829320

SHA-1:
55d0660cea3a2b14d2bccdde92020ef9c88733bc

SHA-256:
61231c08c1900f9db3292443eb5fcc26eb24cace247c4ca9f17764a961019ce0

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/16/2024 10:18:53 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy (variant)
8.9939

Reason Heuristics
PUP.Bundler.TsingsoftImaginationInformationTechnologyCo.Installer.Meta (L)
16.3.1.1

File size:
5.1 MB (5,332,016 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freedvdtoavimp4wmvmpeg3gpflvconverter.exe

Digital Signature
Signed by:
Tsingsoft Imagination Information Technology Co., Ltd

Authority:
GlobalSign nv-sa

Valid from:
9/21/2011 7:12:19 AM

Valid to:
9/21/2014 7:12:19 AM

Subject:
CN="Tsingsoft Imagination Information Technology Co., Ltd", O="Tsingsoft Imagination Information Technology Co., Ltd", L=北京, S=北京, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211887AD441BA7E15E9131AAA0DEF9248A

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:dVJeEE6dsc2pIEjjztcjoMAJTxv8xyQsztWKFem7mWFFI76ew5Qpj5O:s6dsNht4oMcrHtJI7Lv5O

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9989

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file freedvdtoavimp4wmvmpeg3gpflvconverter.exe has been seen being distributed by the following URL.

http://www.freshdevices.com/41136/.../FreeDVDtoAVIMP4WMVMPEG3GPFLVConverter.exe

Remove freedvdtoavimp4wmvmpeg3gpflvconverter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.