freehdconvertersetup.exe

Free HD Converter

Koyote-Lab Inc.

The application freehdconvertersetup.exe, “Free HD Converter Install” by Koyote-Lab, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts. While running, it connects to the Internet address 94.31.0.160.IPYX-076665-ZYO.above.net on port 80 using the HTTP protocol.
Publisher:
Koyote-Lab Inc.  (signed and verified)

Product:
Free HD Converter

Description:
Free HD Converter Install

Version:
1.0.0.0

MD5:
04156689e2a2bcaa9b3f46adab7b61dc

SHA-1:
f488d24be84876023bf2c6d60103fe8dcf7963f2

SHA-256:
8809f8ab580c7d64a87c24e3d9860395fd88c1c23dcbbea845ebf2e9238e9cf2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:08:24 AM UTC

Scan engine          Detection                        Engine version
Dr.Web               Adware.Searcher.2497             9.0.1.0285
ESET NOD32           Win32/Toolbar.SearchSuite        8.10469
G Data               Win32.Application.Searchsuite    14.10.24
Reason Heuristics    PUP.Installer.KoyoteLab.U        14.10.12.15

File size:
755.2 KB (773,296 bytes)

Product version:
1.0.0.125913

Copyright:
Copyright (c) 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\todos telechargements\freehdconvertersetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/23/2012 1:00:00 AM

Valid to:
2/22/2014 12:59:59 AM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:g0a4ruyLRInJDREGI4DOs8QrqrCby38oGniO/5eDKEK8ujXpCFGEg6RFblvFb3vF:g0a4rHdYJDRBJfrWCy3lKouFCFJLR1N3

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file freehdconvertersetup.exe has been seen being distributed by the following 4 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 94.31.0.25.IPYX-076665-ZYO.above.net  (94.31.0.25:80)

TCP (HTTP):
Connects to 94.31.0.160.IPYX-076665-ZYO.above.net  (94.31.0.160:80)

Remove freehdconvertersetup.exe - Powered by Reason Core Security