» wavtomp3free_setup.exe
Overview
Analysis
File Details

wavtomp3free_setup.exe

RSPARK LIMITED LIABILITY COMPANY

The application wavtomp3free_setup.exe by RSPARK LIMITED LIABILITY COMPANY has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.

File name:

Publisher:

RSPARK LIMITED LIABILITY COMPANY (signed and verified)

MD5:

33180a23d84d9690587d9b1aeca9d846

SHA-1:

3ab3e0e17ca6255372b169810a06372e42d650f2

SHA-256:

18f31287012b8821690652a48c821458e075e6454eec328539830fe11b6346c6

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/26/2024 2:19:05 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.OutBrowse (M)

17.3.11.5

File size:

628.5 KB (643,632 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\wavtomp3free_setup.exe

Digital Signature

Signed by:

RSPARK LIMITED LIABILITY COMPANY

Authority:

GlobalSign nv-sa

Valid from:

8/20/2014 6:42:44 PM

Valid to:

8/21/2015 6:42:44 PM

Subject:

E=billing@rspark.com, CN=RSPARK LIMITED LIABILITY COMPANY, O=RSPARK LIMITED LIABILITY COMPANY, L=Seattle, S=Washington, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11214776E87F6F533491BA6962DED798AED3

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9811

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove wavtomp3free_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.