videoconvertersetup.exe

Video Converter

Video Converter T

The application videoconvertersetup.exe (“Video Converter Installer”) has been detected as a potentially unwanted program by 19 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from apps.foxtab.com.
Publisher:
Video Converter T

Product:
Video Converter

Description:
Video Converter Installer

Version:
3.1.0.0

MD5:
41a24c1155e06caceede102a9b56d7ea

SHA-1:
a43c1072426c8e678ad5b8b4b4eda012de1cdb14

SHA-256:
bf0557dd338ccb1ad8b0ccf0f1ebe6e596ccde0db2bdc2a3cc8d5049605584cf

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/18/2024 7:58:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adtool.InstallCore.Gen.2 | 7.1.1 |
| Avira AntiVirus | PUA/InstallCore.Gen | 8.3.2.4 |
| AVG | Generic24 | 2017.0.2852 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.16127 |
| Comodo Security | Heur.Suspicious | 23782 |
| Dr.Web | Trojan.DownLoader4.50291 | 9.0.1.027 |
| ESET NOD32 | Win32/InstallCore.B potentially unwanted (variant) | 10.12737 |
| Fortinet FortiGate | Riskware/InstallCore | 1/27/2016 |
| F-Prot | W32/InstallCore.I.gen | v6.4.7.1.166 |
| G Data | Win32.Application.Dealply | 16.1.25 |
| Malwarebytes | | v2016.01.27.09 |
| McAfee | Artemis!41A24C1155E0 | 5600.6508 |
| NANO AntiVirus | Trojan.Win32.Zugo.cqmnya | 1.0.10.5081 |
| Quick Heal | Trojan.Rimod.A8 | 1.16.14.00 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16125 |
| Sophos | Install Core Installer (PUA) | 4.98 |
| Trend Micro | TROJ_GEN.R002C0ELG15 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45892 |
| ViRobot | Trojan.Win32.S.Agent.1052672.H[h] | 2014.3.20.0 |

File size:
1 MB (1,052,672 bytes)

Product version:
3.1.0.0

Copyright:
Copyright © InstallCore

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\videoconvertersetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:KY18WMALoSyAu5sapMFBmuVkyYs6Dh5HNTfEMM6itNcLGUl:V8W0D5viWjzHNT8MMVNcLr

Entry address:
0xB7DA8

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 60, 79, 4B, 00, E8, 90, FA, F4, FF, 33, C0, 55, 68, 7B, 84, 4B, 00, 64, FF, 30, 64, 89, 20, B8, 94, 84, 4B, 00, E8, C4, D5, FA, FF, 40, 74, 0A, E8, 48, 9F, FF, FF, E9, 77, 06, 00, 00, A1, 5C, 48, 4A, 00, E8, B1, D2, FE, FF, 8B, 15, B4, DE, 4B, 00, 89, 02, A1, E0, DD, 4B, 00, 8B, 00, E8, 09, 1D, FA, FF, B8, AC, 84, 4B, 00, E8, 8F, D5, FA, FF, 40, 0F, 84, A9, 00, 00, 00, 6A, 40, 68, B0, 84, 4B, 00, 68, C0, 84, 4B, 00, 68, CC, CC, 14...

Entropy:
6.9308

Developed / compiled with:
Microsoft Visual C++

Code size:
734 KB (751,616 bytes)

The file videoconvertersetup.exe has been seen being distributed by the following URL.
