home

freevideoflipandrotate.exe

Free Video Flip and Rotate

DVDVideoSoft Ltd.

The application freevideoflipandrotate.exe, “Free Video Flip and Rotate Setup ” by DVDVideoSoft has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from off.dvdvideosoft.net and multiple other hosts.
Publisher:
DVDVideoSoft Ltd.   (signed by DVDVideoSoft Ltd.)

Product:
Free Video Flip and Rotate

Description:
Free Video Flip and Rotate Setup

Version:
1.0.10.324

MD5:
43bed53e5f74e2747b010a55d4593fef

SHA-1:
1aee66217f5b4dbeda5c92d67bbf3546df36c7af

SHA-256:
d36de226836cd35b30e2b6742264589b15c331ebdea1734e1dfbb34b1e5d2cdc

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/18/2024 5:25:07 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Toolbar.576
9.0.1.0101

ESET NOD32
Win32/OpenCandy.C potentially unsafe (variant)
9.11413

Fortinet FortiGate
Riskware/OpenCandy
4/11/2015

McAfee
Artemis!2268D2CA4E04
5600.6798

NANO AntiVirus
Trojan.Win32.OpenCandy.dlsdxl
0.30.0.65070

Trend Micro House Call
Suspicious_GEN.F47V0327
7.2.101

File size:
28.7 MB (30,134,336 bytes)

Product version:
1.0.10.324

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\freevideoflipandrotate.exe

Digital Signature
Signed by:
DVDVideoSoft Ltd.

Authority:
GlobalSign nv-sa

Valid from:
4/24/2013 10:43:53 PM

Valid to:
4/24/2016 10:43:53 PM

Subject:
E=question@dvdvideosoft.com, CN=DVDVideoSoft Ltd., O=DVDVideoSoft Ltd., S=Dominica, C=DM

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212661F5B10172D0E730C0D1F1213115FF

File PE Metadata
Compilation timestamp:
10/13/2013 4:19:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:xSg7Z959VYJTJCKmJ/RVsmYI7qCg4r2USIJC4ZFsKEFYHrrbJE:xSg7hYJTo/wOvDSIJCPK2YHHFE

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Entropy:
7.9997

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file freevideoflipandrotate.exe has been seen being distributed by the following 2 URLs.

http://off.dvdvideosoft.net/FreeVideoFlipAndRotate.exe

http://dnlimit3.simfile.uplusbox.co.kr/.../httpdown.cgi?orgfname=FreeVideoFlipAndRotate.exe&filename=SS9WRVJDUnFULVdDSHVPdUpkNyxKQ0UwTVJpYUxPLmVIT0MuSmVmdUp5US1MeE44

Remove freevideoflipandrotate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.