home

swiftmediaconverterbrowser.exe

Valcan Labs

The application swiftmediaconverterbrowser.exe by Valcan Labs has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address xx-fbcdn-shv-01-ams3.fbcdn.net on port 443.
Publisher:
Valcan Labs  (signed and verified)

Version:
1.0.2.2

MD5:
a63616e3db80799f1e67729286c3c55f

SHA-1:
2c2dc08be06bb33444e597ac3f5fc9818f687698

SHA-256:
2a5ce441135e608d0352063d0fb7503b4c6b4ef80e9395ec6d64f52cb105163a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 8:06:35 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ValcanLabs.Optional.Meta (L)
15.12.1.12

File size:
539.5 KB (552,440 bytes)

Product version:
1.0.2.2

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\swiftmediaconverter\swiftmediaconverterbrowser.exe

Digital Signature
Signed by:
Valcan Labs

Authority:
COMODO CA Limited

Valid from:
7/7/2014 8:00:00 PM

Valid to:
7/7/2016 7:59:59 PM

Subject:
CN=Valcan Labs, O=Valcan Labs, STREET=44 Primrose Crst, L=Sunderland, S=Tyne and Wear, PostalCode=SR69RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F10CF846C9B2AEFF0D4CBB3E10178A72

File PE Metadata
Compilation timestamp:
11/6/2015 3:22:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:vQMGAu9y6N6Uynl3gd8vvxwykORGDr4+tAO0AOMVOKZmW5EXEdvz:8AuqxgCRwykOCr4+tiqnF5EXovz

Entry address:
0x2E879

Entry point:
E8, F8, A4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, B0, 81, 47, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, DE, A9, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, D3, 1F, 00, 00, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
6.4667

Code size:
343 KB (351,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to va.v.liveperson.net  (208.89.12.87:443)

TCP (HTTP):
Connects to t-ams5.mplxtms.com  (63.215.202.72:80)

TCP (HTTP):
Connects to a2-16-4-160.deploy.akamaitechnologies.com  (2.16.4.160:80)

TCP (HTTP):
Connects to a23-52-58-91.deploy.static.akamaitechnologies.com  (23.52.58.91:80)

TCP (HTTP):
Connects to a23-2-125-10.deploy.static.akamaitechnologies.com  (23.2.125.10:80)

TCP (HTTP):
Connects to a2-16-4-194.deploy.akamaitechnologies.com  (2.16.4.194:80)

TCP (HTTP):
Connects to w01.ttms.eu  (46.105.156.71:80)

TCP (HTTP):
Connects to ec2-54-210-36-181.compute-1.amazonaws.com  (54.210.36.181:80)

TCP (HTTP):
Connects to a23-38-32-84.deploy.static.akamaitechnologies.com  (23.38.32.84:80)

TCP (HTTP):
Connects to a2-16-4-195.deploy.akamaitechnologies.com  (2.16.4.195:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-amt2.fbcdn.net  (31.13.64.21:80)

TCP (HTTP):
Connects to ec2-52-19-155-137.eu-west-1.compute.amazonaws.com  (52.19.155.137:80)

TCP (HTTP):
Connects to static.criteo.net  (178.250.2.74:80)

TCP (HTTP):
Connects to server-54-192-129-114.ams50.r.cloudfront.net  (54.192.129.114:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-amt2.facebook.com  (31.13.64.35:443)

TCP (HTTP SSL):
Connects to am-lpcdn.lpsnmedia.net  (178.249.101.98:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-ams3.fbcdn.net  (31.13.91.6:443)

TCP (HTTP):
Connects to server-54-192-129-237.ams50.r.cloudfront.net  (54.192.129.237:80)

TCP (HTTP):
Connects to server-54-192-129-231.ams50.r.cloudfront.net  (54.192.129.231:80)

TCP (HTTP):
Connects to server-54-192-129-209.ams50.r.cloudfront.net  (54.192.129.209:80)

Remove swiftmediaconverterbrowser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.