130214_f2.exe

FunMoods

Fun and Moods

The application 130214_f2.exe, “Setup” by Fun and Moods, has been detected as adware by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
Setup ©   (signed by Fun and Moods)

Product:
FunMoods

Description:
Setup

Version:
2.16.8.0

MD5:
8ce8fed8298f37d07464edf05a0bc093

SHA-1:
dbd4b1401910d4c57aec171e430526b0839bb80c

SHA-256:
6000c983b72dcb4e21a1aaa8b253940367b0110448a0de4fa296602bb51d45fd

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 12:20:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.0196 |
| Malwarebytes | PUP.Optional.FunMoods.A | v2014.07.15.08 |
| NANO AntiVirus | Trojan.Win32.MLW.dagoxt | 0.28.0.60253 |
| Reason Heuristics | PUP.Installer.FunandMoods.J | 14.7.15.20 |
| Vba32 AntiVirus | | 3.12.26.3 |
| XVirus List | Win32.Detected | 2.7.15 |

File size:
2.4 MB (2,549,632 bytes)

Product version:
2.16.8.0

Original file name:
FunMoods_2.16.8.0.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\130214_f2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/8/2014 10:00:00 PM

Valid to:
1/9/2015 9:59:59 PM

Subject:
CN=Fun and Moods, O=Fun and Moods, STREET=28 Lilienblum St., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BC1B58EB9A15EFC94509ED7525234EAC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:u8ziEXUvtkTenRG+dcpFCqEXNPczsYJNE9OJNlkCmBfGdewRH3J1jIf20Vhs:u8ztUvtnG+sFwdcQYJNE9OmfGdewRbY0

Entry address:
0x794DC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 1C, 92, 47, 00, E8, 2C, E3, F8, FF, 33, C0, E8, FD, EE, FF, FF, E8, 14, BA, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
481.5 KB (493,056 bytes)
