home

iThmbConverter.exe

iThmb Converter

Dec Software

This is a setup program which is used to install the application. The file has been seen being downloaded from www.ithmbconverter.com.
Publisher:
Dec Software

Product:
iThmb Converter

Version:
1.105.0.716

MD5:
e3f25691db81822824d92fa284d90de5

SHA-1:
0efe3397b0803cbec9e93cecd2a57fba2d64b893

SHA-256:
412528decfbd63734488d0cf4b4a26ffe50ff46b7bfc430be198d1cf358ccd9b

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/19/2024 6:32:51 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.7062

Rising Antivirus
PE:Malware.RDM.09!5.F[F1]
23.00.65.15929

File size:
9.5 MB (9,972,224 bytes)

Product version:
1.105

Copyright:
(c) 2010-2015 Dec Software

Trademarks:
iThmb Converter

Original file name:
iThmbConverter.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ithmbconverter.exe

File PE Metadata
Compilation timestamp:
8/18/2015 1:10:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:6KzyN1sLxh9rbcWdvDDKTlO/to2Y3+1jMZiYV23ceo58VjFojmPSZ3ZvpskQ:6Kzybs9LrXFnK52c+1jMiYreW8PUmaZ6

Entry address:
0x1657A50

Entry point:
E9, 13, 98, 6E, FF, E0, EB, 49, 64, 47, 69, 51, AE, A9, D2, A0, E3, B3, F8, A7, 88, 86, 5D, 91, 42, 59, 76, 50, 33, 13, 30, 5C, E7, 0F, DC, 06, E5, E2, 25, FE, E4, C6, 1E, D1, 72, 6D, 8D, 84, 87, 0B, F0, E5, 6A, F9, BD, D8, 4A, D0, 78, 17, BE, D1, D7, 7E, 55, 91, BA, DA, 2B, 81, E2, A5, CE, 04, 9E, F2, F2, 9A, 23, 82, 41, 92, 8E, 4D, F6, F9, D2, EC, 66, C7, 76, CD, E9, E8, 33, A9, EA, F1, F2, 9A, A2, 85, BE, 27, 44, 62, 19, 72, 48, 83, 22, 1D, 44, 6B, E8, 47, F2, 25, 4E, 89, EE, 11, B2, DD, E3, D8, 6A, 25...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
4.6 MB (4,832,256 bytes)

The file iThmbConverter.exe has been seen being distributed by the following URL.

http://www.ithmbconverter.com/iThmbConverter.exe

Scan iThmbConverter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.