setup-converterlite-1.6.3-refam.exe

ConverterLite

The executable setup-converterlite-1.6.3-refam.exe, “ConverterLite 1.6.3 Installer”, has been detected as malware by 11 anti-virus scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate Bitcoins for cybercriminals' use, consuming computing power. The file has been seen being downloaded from www.converterlite.com and multiple other hosts.
Publisher:
ConverterLite

Product:
ConverterLite

Description:
ConverterLite 1.6.3 Installer

Version:
1.6.3

MD5:
2f1338fa06057fa2a0a7894bb0cdb141

SHA-1:
6fb584f35d7bc99184d68c00ff11e8d5b1d728e1

Scanner detections:
11 / 68

Status:
Malware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/19/2024 1:20:51 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | SPR/BitCoinMiner.AP | 7.11.80.12
Comodo Security | UnclassifiedMalware | 16318
Dr.Web | Tool.BtcMine.83 | 9.0.1.0355
ESET NOD32 | Win32/BitCoinMiner (variant) | 7.8372
Fortinet FortiGate | W32/BitCoinMiner.D | 12/21/2013
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.0.0
McAfee | Artemis!DF8CCDBC0186 | 5600.7275
Norman | Troj_Generic.LNRTN | 11.20131221
Panda Antivirus | Suspicious file | 13.12.21.10
Quick Heal | (Suspicious) - DNAScan | 12.13.12.00
Trend Micro House Call | TROJ_GEN.R0UH1E1 | 7.2.355

File size:
17.9 MB (18,774,349 bytes)

Product version:
1.6.3

Copyright:
Copyright (C) 2012.

Trademarks:
ConverterLite

Original file name:
setup-converterlite-1.6.3-fam.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\setup-converterlite-1.6.3-refam.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:f3bw+e7t9WMik+BjQt5W+LWKWJc0FK8fCBASqax2tqKQYd:f8pr/+BjYW4WKWO0oLx2UKQYd

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup-converterlite-1.6.3-refam.exe has been seen being distributed by the following 2 URLs.
