231013_f.exe

Setup©

Funmoods

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 231013_f.exe, “Setup” by Funmoods, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the installCore installer. It is also typically executed from the user's temporary directory.
Publisher:
Setup ©   (signed by Funmoods)

Product:
Setup©

Description:
Setup

Version:
2.2.8.1247

MD5:
9ae24ebc591d476606a90d5aec69419b

SHA-1:
8e12431cff3a27a48620d205e04d497ae90a61da

SHA-256:
e4fd96ab9b3457bc1c9d3f9cd86a69ec284d0b260d75331cf9827527cdb6be4f

Scanner detections:
7 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/16/2024 5:20:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Delf.G.90 | 7.11.120.4 |
| avast! | Win32:FunMood-A [PUP] | 2014.9-131218 |
| Dr.Web | Adware.Funmoods.5 | 9.0.1.0352 |
| ESET NOD32 | Win32/Toolbar.Funmoods (variant) | 7.9179 |
| McAfee | Artemis!9AE24EBC591D | 5600.7278 |
| Reason Heuristics | PUP.Installer.Funmoods.I | 14.8.7.21 |
| XVirus List | Win32.Detected | 2.8.7 |

File size:
2.2 MB (2,268,600 bytes)

Product version:
2.2.8.1247

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\231013_f.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/17/2013 9:00:00 PM

Valid to:
2/18/2014 8:59:59 PM

Subject:
CN=Funmoods, O=Funmoods, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F7100AE286D6D9AE97789C22F156C88F

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Uh47TGnaQGFDnmrG1IwEvfry9Gn/hrCrpjdU3JzcoQOX4+1tLhX:vnmrG0vDy0/hiFduzcKI+HhX

Entry address:
0x5ADF4

Entry point:
55, 8B, EC, 83, C4, F0, B8, A4, AB, 45, 00, E8, 88, C5, FA, FF, 33, C0, E8, 65, 67, FF, FF, E8, 38, 9F, FA, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
360 KB (368,640 bytes)
