» videoconvertersetup.exe
Overview
Analysis
File Details
Downloads (1)

videoconvertersetup.exe

The application videoconvertersetup.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.videoconvertertool.net.

File name:

MD5:

06f6da376718089669c4df4e533a73cb

SHA-1:

c4d415262e7f287c609dc346a20eb5070b70d69c

SHA-256:

ad14bee4a4ccdf1a18d9457c1fb6c7af5a3ea28b711faf8991d539be64990dc6

Scanner detections:

22 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

5/5/2024 2:34:52 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.W32.InstallCore.lHdz

2.1.4+

Avira AntiVirus

PUA/InstallCore.Gen6

8.3.3.4

AVG

InstallCore

2017.0.2661

Baidu Antivirus

Win32.Trojan.WisdomEyes.151026.9950

4.0.3.1684

Clam AntiVirus

Win.Adware.453484-1

0.98/21511

Dr.Web

Adware.InstallCore.75

9.0.1.0217

ESET NOD32

Win32/InstallCore.BA potentially unwanted (variant)

10.13439

Fortinet FortiGate

Riskware/InstallCore

8/4/2016

F-Prot

W32/InstallCore.V2.gen

v6.4.7.1.166

IKARUS anti.virus

AdWare.InstCore

t3scan.2.0.9.0

K7 AntiVirus

Unwanted-Program

13.224.19508

Malwarebytes

PUP.Optional.ClickRunSoftware

v2016.08.04.07

NANO AntiVirus

Trojan.Win32.InstallCore.ctnbnp

1.0.30.8213

Panda Antivirus

PUP/MultiToolbar.A

16.08.04.07

Reason Heuristics

PUP.InstallCore.ENG (M)

16.8.4.19

Rising Antivirus

Malware.XPACK-LNR/Heur!1.5594

23.00.65.16802

Sophos

Install Core Click run software (PUA)

4.98

SUPERAntiSpyware

PUP.InstallCore/Variant

8979

Trend Micro

TROJ_GEN.R00XC0OJ915

10.465.04

Vba32 AntiVirus

Adware.InstallCore.gen

3.12.26.4

VIPRE Antivirus

Click run software

49140

Zillya! Antivirus

Adware.InstallCore.Win32.913

2.0.0.2842

File size:

1.1 MB (1,163,024 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\videoconvertersetup.exe

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:QpEDb7m8W7Yxud+g7LaQQm54wysa68e1ZcY6C9bZX9bhDg7:QpDTYx7uLImIsa68e1fLhD

Entry address:

0xCD260

Entry point:

55, 8B, EC, 83, C4, F0, B8, 20, 62, 41, 00, E8, C9, F2, FF, FF, FF, 25, 54, 81, 47, 00, 8B, C0, FF, 25, 50, 81, 47, 00, 8B, C0, FF, 25, 4C, 81, 47, 00, 8B, C0, 53, 83, C4, BC, BB, 0A, 00, 00, 00, 54, E8, 61, FF, FF, FF, F6, 44, 24, 2C, 01, 74, 05, 0F, B7, 5C, 24, 30, 8B, C3, 83, C4, 44, 5B, C3, 8B, C0, FF, 25, 48, 81, 47, 00, 8B, C0, FF, 25, 44, 81, 47, 00, 8B, C0, FF, 25, 40, 81, 47, 00, 8B, C0, FF, 25, 3C, 81, 47, 00, 8B, C0, FF, 25, 38, 81, 47, 00, 8B, C0, FF, 25, 34, 81, 47, 00, 8B, C0, FF, 25, 30, 81... 
[+]

Entropy:

6.9876

Developed / compiled with:

Microsoft Visual C++

Code size:

837.5 KB (857,600 bytes)

The file videoconvertersetup.exe has been seen being distributed by the following URL.

http://www.videoconvertertool.net/d/sc/.../?dl=1

Remove videoconvertersetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.