ffsetup3.7.5.0.exe

Format Factory

chen jun hao

The application ffsetup3.7.5.0.exe, “Format Factory Video/Audio/Picture Converter” by chen jun hao has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from i.download.idg.pl and multiple other hosts.
Publisher:
Free Time (signed by chen jun hao)

Product:
Format Factory

Description:
Format Factory Video/Audio/Picture Converter

Version:
3.7.5.0

MD5:
9fbf0d4a834194c23fdf747016d42044

SHA-1:
d640b4e603110731d9ad00f44df809d4c0c6ba36

SHA-256:
f45c4d4199aabb3953ffa451e07d0c8e239277b7123d9d45c9cdb75905f60c2b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 2:40:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.chenjunhao.Installer (M)

Engine version:
15.9.8.21

File size:
52.2 MB (54,750,728 bytes)

Product version:
3.7.5.0

Copyright:
Free Time

Trademarks:
Format Factory Application is a trademark of FreeTime

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/25/2013 12:09:13 PM

Valid to:
6/25/2016 12:09:13 PM

Subject:
CN=chen jun hao, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata
Compilation timestamp:
12/17/2013 8:46:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1572864:OjdyA1v/FWvSQvtI8yhyNAfuXx31yuB+TBXh5Tl9:O0A1v/FW5vtXyhyN4wnBEBxJr

Entry address:
0x3A0A

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, DB, 5E, 89, 5C, 24, 18, C7, 44, 24, 10, 40, A2, 40, 00, 89, 5C, 24, 14, FF, 15, 90, 90, 40, 00, 89, 44, 24, 1C, FF, 15, 34, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 53, FF, 15, 30, 93, 40, 00, 6A, 08, A3, B8, 3E, 47, 00, E8, 2B, 2A, 00, 00, 53, 68, B4, 02, 00, 00, A3, D0, 3D, 47, 00, 8D, 44, 24, 3C, 50, 53, 68, 84, A3, 40, 00, FF, 15, A4, 91, 40, 00, 68, 6C, A3, 40, 00, 68, C0, BD, 46, 00, E8, 0D, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF...
 
Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
30.5 KB (31,232 bytes)

The file ffsetup3.7.5.0.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 171 download URLs
