Virus or not a virus - Win32/InstallCore = VideoConverterSetup.exe?

[polonus]

See: http://zulu.zscaler.com/submission/show/5be5a4a6a13fbed4cd507f14292433f3-1342371522
See: https://www.virustotal.com/file/91c6e34d6ca8b6c7c297f97ef8f45d1783e1fd305a5cbbda3100a73b3aaf75a2/analysis/
For the url I get a HTTP/1.1 400 BAD_REQUEST - Content-Length: 0 -Connection: Close
The url you entered does not appear to be Valid URL (when I enter URL in an url file viewer)
only GET requests are allowed as I experience using WebBug

HTTP/1.1 405 Method Not Allowed
Allow: GET
Content-Type: text/html; charset=utf-8
Date: Sun, 15 Jul 2012 17:08:00 GMT
Server: Apache/2.2.21 (Win32) mod_fcgid/2.3.6
X-Powered-By: PHP/5.3.8
Connection: Close

GET

HTTP/1.1 200 OK
Age: 0
Cache-Control: private, must-revalidate, max-age=0, s-maxage=0, no-store
Content-Disposition: attachment; filename="VideoConverterSetup.exe";
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream
Date: Sun, 15 Jul 2012 17:06:02 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 15 Jul 2012 17:06:02 GMT
Pragma: public
Server: Apache/2.2.21 (Win32) mod_fcgid/2.3.6
X-Powered-By: Fat-Free Framework (htxp://fatfree.sourceforge.net) *
Content-Length: 1074448
Connection: Close

* broke link because of http://zulu.zscaler.com/submission/show/627483d10d97475da8145ac8705de828-1342372305

polonus

[polonus]

Avast should detect this as  Win32:InstallCore-AR [PUP],

polonus

[interstel]

Is this a virus or not?  I downloaded the file from a website that claims it is a video conversion utility program.

http://soft.foxtab.com/video-converter/gd/sg/?dl=1&adnm=23387309140&i=s&grid=A&lg=EN&cc=US&clg=en&c=1&d=1&cid=_009844111&kw=&mn=mediasanta-mkv-to-3gp-avi-mp4-dvd-conver.software.informer.com&Network=D&expr=&agid=_0090011305&gclid=CKmH3qin27ECFQmd7QodxGgAGQ

[Pondus]

Is this a virus or not?  I downloaded the file from a website that claims it is a video conversion utility program.

as Polonus said in the post above yours....it should be detected as PUP - not a virus = Possible Unwanted Program
a program that depending on what it can do may be good or bad if abused

[polonus]

Hi interstel & Pondus,

First and foremost the fact that this program is a possibly unwanted program.
That means that you are to install it, if you know about the risks of the program
and also when you have installed it yourself.
If it is a third party install it is always a pup in the sense of a possibly undesired program.
Another aspect there is where you download it from, as it can come together with scams and spyware
: http://www.mywot.com/en/scorecard/download3k.com?utm_source=addon&utm_content=popup-donuts & http://www.mywot.com/en/scorecard/download25.com?utm_source=addon&utm_content=popup-donuts
to just mention two sources where you'd better not download VideoConverterSetup.exe from.
NOD32 detects it as a variant of Win32/SweetIM.B.
It also has been reported to MBAM http://forums.malwarebytes.org/index.php?showtopic=75948
where the final verdit was a "non-malicious" file (according to moderator Fatcuk there),

polonus