setup.exe

Media converter

Conversionads

The application setup.exe, “Media converter Setup” by Conversionads, has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from download.convertmkvtomp4.info.
Publisher:
Conversionads  (signed and verified)

Product:
Media converter

Description:
Media converter Setup

MD5:
f6a1b783d08b492381eb6d77bf1cbc77

SHA-1:
29dd67e523859554b1d54103b11e8c8ef9c47515

SHA-256:
9bbf74a61b660289944dab44166a53e00ea6f3ab7fb6e7c5b4620364296fdfaf

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/24/2024 4:33:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.NNP | 928 |
| Avira AntiVirus | Adware/Lyckriks.ci | 7.11.115.116 |
| avast! | Win32:AddLyrics-BA [Adw] | 2014.9-140722 |
| AVG | Agent.F | 2015.0.3406 |
| Bkav FE | W32.Clod7ef.Trojan | 1.3.0.4562 |
| Comodo Security | ApplicUnwnt | 17333 |
| Dr.Web | Trojan.AVKill.31027 | 9.0.1.0203 |
| Emsisoft Anti-Malware | Trojan.Win32.OutBrowse.AMN | 8.14.07.22.06 |
| ESET NOD32 | Win32/Toolbar.Zugo | 8.9092 |
| Fortinet FortiGate | W32/OutBrowse.C | 7/22/2014 |
| F-Prot | W32/AddLyrics.A | v6.4.7.1.166 |
| F-Secure | Application.Generic.529521 | 11.2014-22-07_3 |
| G Data | NSIS:AddLyrics-G | 14.7.22 |
| K7 AntiVirus | Unwanted-Program | 13.172.9570 |
| McAfee | Artemis!F6A1B783D08B | 5600.7062 |
| MicroWorld eScan | Application.Generic.529521 | 15.0.0.609 |
| NANO AntiVirus | Trojan.Win32.Plugin.crbipj | 0.28.0.59492 |
| Norman | Suspicious_Gen4.ETXBS | 11.20140722 |
| Reason Heuristics | PUP.Installer.Conversionads.F | 14.8.7.23 |
| Sophos | Conversion Ads | 4.95 |
| Trend Micro House Call | TROJ_GEN.RCBH1AF | 7.2.203 |
| Trend Micro | TROJ_SPNR.0CB713 | 10.465.22 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.20.2 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23710 |

File size:
14.6 MB (15,349,744 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/30/2012 2:00:00 AM

Valid to:
5/31/2013 1:59:59 AM

Subject:
CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:Ei4d7id5cYJ3IIpFRV8TtIevQmZALlMWKefv:ELd7kHLFR6QmyLbKG

Entry address:
0x9C18

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file setup.exe has been seen being distributed by the following URL.
