» 100413_f.exe
Overview
Analysis
File Details

100413_f.exe

Setup©

Funmoods

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 100413_f.exe, “Setup ” by Funmoods has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory.

File name:

100413_f.exe

Publisher:

Setup © (signed by Funmoods)

Product:

Setup©

Description:

Setup

Version:

2.2.1.577

MD5:

d1b50d411a72cfbbf9bae6970e8c9884

SHA-1:

9289bc1968597bcb35ce196e80700290e8532b9e

SHA-256:

09be3bf2255aba4e0f04c62383f7f0c55b90c84fcd29778f5384ad28727b4543

Scanner detections:

5 / 68

Status:

Potentially unwanted

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 7:22:54 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Toolbar.Funmoods (variant)

8.8958

Fortinet FortiGate

Riskware/Funmoods

2/17/2014

Reason Heuristics

PUP.Installer.Funmoods.I

14.8.7.21

Trend Micro House Call

ADW_FUNMOODS.A

7.2.48

Trend Micro

ADW_FUNMOODS.A

10.465.17

File size:

2.2 MB (2,326,360 bytes)

Product version:

2.2.1.577

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\100413_f.exe

Digital Signature

Signed by:

Funmoods

Authority:

COMODO CA Limited

Valid from:

2/17/2013 9:00:00 PM

Valid to:

2/18/2014 8:59:59 PM

Subject:

CN=Funmoods, O=Funmoods, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F7100AE286D6D9AE97789C22F156C88F

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:3aXMpCM6skTdEZVSUtP+7xwypGZdqxSDN+srmoDSIpVyZkc:qXMpR6eLax+Zd8SDN+ydcl

Entry address:

0x69B3C

Entry point:

55, 8B, EC, 83, C4, F0, B8, F4, 98, 46, 00, E8, 84, D6, F9, FF, E8, 33, F3, FF, FF, E8, A2, AE, F9, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

419 KB (429,056 bytes)

Remove 100413_f.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.