» setup.exe
Overview
Analysis
File Details
Downloads (3)

setup.exe

Media converter

Conversionads

The application setup.exe, “Media converter Setup ” by Conversionads has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from download.convertavitomp4.info and multiple other hosts.

File name:

setup.exe

Publisher:

Conversionads (signed and verified)

Product:

Media converter

Description:

Media converter Setup

MD5:

c22affa6e4d234a24c6c646bdbddca11

SHA-1:

97f33f1501fa05d02edd3666c1ae753e8f40a202

SHA-256:

44ef113336849456e7ca1db3ef1eeb3a9bfbd91cadc33b25aefbc66cea262f05

Scanner detections:

24 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/26/2024 1:59:53 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.NNP

886

Avira AntiVirus

Adware/PlayBrute.A

7.11.102.82

avast!

Win32:Crossrider-C [PUP]

2014.9-140901

AVG

Agent.F

2015.0.3364

Bkav FE

W32.Clod7ef.Trojan

1.3.0.4562

Comodo Security

ApplicUnwnt

16928

Dr.Web

Adware.Plugin.25

9.0.1.0244

Emsisoft Anti-Malware

Trojan.Win32.OutBrowse.AMN

8.14.09.01.07

ESET NOD32

Win32/Toolbar.Babylon

8.7832

Fortinet FortiGate

W32/Toolbar.BABYLON

9/1/2014

F-Prot

W32/AddLyrics.A

v6.4.7.1.166

F-Secure

Adware.Agent.NNP

11.2014-01-09_2

G Data

NSIS:AddLyrics-G

14.9.22

K7 AntiVirus

Unwanted-Program

13.172.9570

McAfee

Artemis!E3B2724AE3F1

5600.7020

MicroWorld eScan

Adware.Agent.NNP

15.0.0.732

NANO AntiVirus

Trojan.Win32.Plugin.crbipj

0.28.0.59492

Norman

Downloader

11.20140901

Reason Heuristics

PUP.Installer.Conversionads.F

14.9.1.19

Sophos

Conversion Ads

4.84

Trend Micro House Call

TROJ_GEN.F47V1219

7.2.244

Trend Micro

TROJ_SPNR.0CB713

10.465.01

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.20.2

VIPRE Antivirus

Trojan.Win32.Generic

23710

File size:

13.9 MB (14,531,712 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Conversionads

Authority:

COMODO CA Limited

Valid from:

5/30/2012 1:00:00 AM

Valid to:

5/31/2013 12:59:59 AM

Subject:

CN=Conversionads, O=Conversionads, STREET=Am Weinberg 5, L=Neubeuern, S=Neubeuern, PostalCode=83115, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F87F8F45F7BF3EBF80C41AFC59A6916A

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:Pi4d7iO7OYecPv9yX6YkYKEgWIT5ovuI8vg:PLd7IYeM9yX6YSqIWvbYg

Entry address:

0x9C18

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, AE, 94, FF, FF, E8, B5, A6, FF, FF, E8, 44, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, D4, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 9D, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 5A, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Entropy:

7.9998

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file setup.exe has been seen being distributed by the following 3 URLs.

http://download.convertavitomp4.info/download.php

http://download.mp3tomidiconverter.com/download.php

http://download.howtoconvertmp4tomp3.com/download.php

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.