home

Fetion.exe

Fetion

China Mobile Communications Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Fetion’.
Publisher:
China Mobile  (signed by China Mobile Communications Corporation)

Product:
Fetion

Version:
2.2.0.0

MD5:
d360af7becbbfff80d45e0b2c90d9a02

SHA-1:
25999c036943fbccf0b0f9c5348c12829445e7f7

SHA-256:
a94a0f9b3ad0d6eba88197850441d55e09a10a3ece5c75149c08bd2f1f97df3e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:28:43 AM UTC  (today)

File size:
441.4 KB (451,968 bytes)

Product version:
2.2.0.0

Copyright:
Copyright (c) 2004-2006 China Mobile Limited. All rights reserved

Original file name:
Fetion.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\china mobile\fetion\fetion.exe

Digital Signature
Signed by:
China Mobile Communications Corporation

Authority:
VeriSign, Inc.

Valid from:
1/26/2010 8:00:00 AM

Valid to:
1/26/2013 7:59:59 AM

Subject:
CN=China Mobile Communications Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=China Mobile Communications Corporation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4EA536D132EFAA076646AA7F5D8F3E99

File PE Metadata
Compilation timestamp:
2/26/2008 10:58:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:+2b84M1XHjRXOIOcSqBrB8YB38DNmXGRKPX1Ao:zYfXl5nNPvKo

Entry address:
0x1B98

Entry point:
E8, B8, 3B, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, 22, 41, 00, 89, 0D, 04, 22, 41, 00, 89, 15, 00, 22, 41, 00, 89, 1D, FC, 21, 41, 00, 89, 35, F8, 21, 41, 00, 89, 3D, F4, 21, 41, 00, 66, 8C, 15, 20, 22, 41, 00, 66, 8C, 0D, 14, 22, 41, 00, 66, 8C, 1D, F0, 21, 41, 00, 66, 8C, 05, EC, 21, 41, 00, 66, 8C, 25, E8, 21, 41, 00, 66, 8C, 2D, E4, 21, 41, 00, 9C, 8F, 05, 18, 22, 41, 00, 8B, 45, 00, A3, 0C, 22, 41, 00, 8B, 45, 04, A3, 10, 22, 41, 00, 8D, 45, 08, A3, 1C, 22, 41, 00, 8B...
 
[+]

Entropy:
4.5467

Code size:
48 KB (49,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Fetion

Command:
C:\Program Files\china mobile\fetion\fetion.exe


Scan Fetion.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.