FreeEasyCDDVDBurnerSetup-r20-n-bc.exe

Free Easy CD DVD Burner

Koyote-Lab Inc.

The application FreeEasyCDDVDBurnerSetup-r20-n-bc.exe, “Free Easy CD DVD Burner Install” by Koyote-Lab, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Koyote-Lab Inc  (signed by Koyote-Lab Inc.)

Product:
Free Easy CD DVD Burner

Description:
Free Easy CD DVD Burner Install

Version:
1.0.0.129246

MD5:
2b5905896e27adb0ac3703f4cc7d73f3

SHA-1:
65cc6b06dbe4930d5108a366fe968d296cd9d13c

SHA-256:
b7c5049cabdd8e17a92c2c619bcf0d9f38d05ac5eab844cbf7793d15c075ddb5

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:47:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.Clod1b7.Trojan | 1.3.0.4613 |
| Boost by Reason | Adware.Installer.KoyoteLab.b | 2013.8.29.0 |
| Dr.Web | Adware.Downware.942 | 9.0.1.0241 |
| Malwarebytes | PUP.Optional.Koyote.A | v2013.12.29.06 |
| NANO AntiVirus | Trojan.Win32.Downware.crewao | 0.28.0.57029 |
| Reason Heuristics | PUP.Installer.KoyoteLab.b | 14.3.1.0 |
| Rising Antivirus | PE:Trojan.Dropper!6.1BE | 23.00.65.131210 |
| Trend Micro House Call | TROJ_GEN.F47V0724 | 7.2.241 |
File size:
1.2 MB (1,207,896 bytes)

Product version:
1.0.0.129246

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freeeasycddvdburnersetup-r20-n-bc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/22/2012 4:00:00 PM

Valid to:
2/21/2014 3:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 1:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:vlp1ssxuqswsxxBMTMlJNF6I4K97M9POkmu85+ioDAvy:RbPswsxxBBIDcHFUAK

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
Entropy:
7.9835

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file FreeEasyCDDVDBurnerSetup-r20-n-bc.exe has been seen being distributed by the following 7 URLs.