home

videoconvertersetup.exe

Video Converter

Install Core

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application videoconvertersetup.exe, “Video Converter Installer” by Install Core has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from apps.foxtab.com.
Publisher:
Video Converter Technologies  (signed by Install Core)

Product:
Video Converter

Description:
Video Converter Installer

Version:
3.1.0.0

MD5:
1f2706b8211fff0ff5e8a7c7c5b7e36b

SHA-1:
d2814981ab3166c9facb4d336e3e315fee6327a2

SHA-256:
f40d46b9d4e6c6e1cf1773cb83372d552bd05913560c1fe6461a9551af83c51a

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 7:15:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.242923
404

Agnitum Outpost
Adware.Adware
7.1.1

AhnLab V3 Security
Adware/Win32.InstallCore
15.12.28

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.140.76

avast!
Win32:InstallCore-F [PUP]
2014.9-151228

Bitdefender
Adware.Generic.242923
1.0.20.1810

Comodo Security
ApplicUnwnt.Win32.AdWare.InstallCore.0
18016

Dr.Web
Adware.InstallCore.14
9.0.1.0362

Emsisoft Anti-Malware
Adware.Generic.242923
8.15.12.28.10

ESET NOD32
Win32/InstallCore (variant)
9.9613

Fortinet FortiGate
Riskware/InstallCore
12/28/2015

F-Prot
W32/Agent.MC.gen
v6.4.7.1.166

F-Secure
Adware.Generic.242923
11.2015-28-12_2

G Data
Adware.Generic.242923
15.12.24

K7 AntiVirus
Trojan
13.176.11595

Malwarebytes
Adware.Agent
v2015.12.28.10

MicroWorld eScan
Adware.Generic.242923
16.0.0.1086

NANO AntiVirus
Riskware.Win32.InstallCore.nxzoq
0.28.0.58720

nProtect
Trojan-Clicker/W32.Agent.564232
14.03.30.01

Qihoo 360 Security
Malware.QVM11.Gen
1.0.0.1015

Reason Heuristics
PUP.installCore.VideoConverterTechnologies.Installer (M)
15.12.28.10

Rising Antivirus
PE:PUF.InstallCore!1.9DE1
23.00.65.151226

Sophos
Install Core Installer
4.98

Trend Micro House Call
TROJ_INSTALLCORE_000006e.TOMA
7.2.362

Vba32 AntiVirus
BScope.Malware-Cryptor.Sinba.A
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
27856

File size:
550.5 KB (563,720 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\videoconvertersetup.exe

Digital Signature
Signed by:
Install Core

Authority:
The USERTRUST Network

Valid from:
2/1/2011 4:00:00 PM

Valid to:
2/2/2012 3:59:59 PM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:koHe9W0+Icx+EDwCnAaeT5VH45nxZ2TOL3nIrEh6l/IKIYPgOFWZ1MMV0:Pe9W0ExrDf56Sym3kE8/IpYPgME1MMV0

Entry address:
0x114C60

Entry point:
60, BE, 00, 40, 49, 00, 8D, BE, 00, D0, F6, FF, C7, 87, 10, 67, 0C, 00, 6E, 2F, 38, D3, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.8819

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
516 KB (528,384 bytes)

The file videoconvertersetup.exe has been seen being distributed by the following URL.

http://apps.foxtab.com/RC/.../VideoConverterSetup.exe

Remove videoconvertersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.