home

ffpsetup.exe

ВERSHNET LLC

The application ffpsetup.exe by ВERSHNET has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
ВERSHNET LLC  (signed and verified)

Version:
1.0.0.0

MD5:
b9ce019b1c50dd31a7fc09c406c5bb7e

SHA-1:
4294645e2b1c5c9b352b68fbc5d73bf507e93f11

SHA-256:
944ce4548923a78dea52085718c3a1d61cd0bc8fdcf6d32e65ded19f94255dd8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
5/3/2024 1:48:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OutBrowse (M)
17.3.14.11

File size:
3.1 MB (3,301,608 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ffpsetup.exe

Digital Signature
Signed by:
ВERSHNET LLC

Authority:
COMODO CA Limited

Valid from:
2/5/2015 3:00:00 AM

Valid to:
2/6/2016 2:59:59 AM

Subject:
CN=ВERSHNET LLC, O=ВERSHNET LLC, STREET="600-Richchya, house 66, office 10", L=Vinnitsa, S=Vinnitskiy Region, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0DCBDEF5E756334284571793EA14D465

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA30260

Entry point:
60, BE, 00, A0, C4, 00, 8D, BE, 00, 70, 7B, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
1.9 MB (1,994,752 bytes)

Remove ffpsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.