» ffsetup3.9.0.1.exe
Overview
Analysis
File Details
Downloads (8478)

ffsetup3.9.0.1.exe

Format Factory

Free Time Co., Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.factorybestnew.com and multiple other hosts.

File name:

ffsetup3.9.0.1.exe

Publisher:

Free Time Co., Ltd (signed by Free Time Co., Ltd.)

Product:

Format Factory

Description:

Format Factory Video/Audio/Picture Converter

Version:

3.9.0.1

MD5:

e5f19c749ad57579a5560aae9de0a0d6

SHA-1:

e23cfaff7961084fe2d0b26f5549a86ad437f425

SHA-256:

ce60a03b0495dec2efd0de467e5093b718eb1644f8dd5f8cbdb5a6bc254eb60f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/29/2024 1:15:03 PM UTC (today)

File size:

43.3 MB (45,376,272 bytes)

Product version:

3.9.0.1

Free Time Co., Ltd

Trademarks:

Format Factory Application is a trademark of FreeTime

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\ffsetup3.9.0.1.exe

Digital Signature

Signed by:

Free Time Co., Ltd.

Authority:

Symantec Corporation

Valid from:

5/12/2016 8:00:00 AM

Valid to:

5/13/2019 7:59:59 AM

Subject:

CN="Free Time Co., Ltd.", OU=Development, O="Free Time Co., Ltd.", L=shanghai, S=shanghai, C=CN

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

6404DB61004532252326E3EE1DAB5AB2

File PE Metadata

Compilation timestamp:

12/17/2013 2:46:05 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

786432:xd5N8lTBdzVH8Ld+Jc89ZPbyTLkPHKM18KmQkG47KCfWndEuq:xd5ilTlcx89Z+eH3WQx/n

Entry address:

0x3A0A

Entry point:

81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, DB, 5E, 89, 5C, 24, 18, C7, 44, 24, 10, 40, A2, 40, 00, 89, 5C, 24, 14, FF, 15, 90, 90, 40, 00, 89, 44, 24, 1C, FF, 15, 34, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 53, FF, 15, 30, 93, 40, 00, 6A, 08, A3, B8, 3E, 47, 00, E8, 2B, 2A, 00, 00, 53, 68, B4, 02, 00, 00, A3, D0, 3D, 47, 00, 8D, 44, 24, 3C, 50, 53, 68, 84, A3, 40, 00, FF, 15, A4, 91, 40, 00, 68, 6C, A3, 40, 00, 68, C0, BD, 46, 00, E8, 0D, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF... 
[+]

Entropy:

7.9998

Packer / compiler:

Nullsoft install system v2.x

Code size:

30.5 KB (31,232 bytes)

The file ffsetup3.9.0.1.exe has been seen being distributed by the following 50 URLs.

http://www.factorybestnew.com/POQsahiyokHsKHJOiYG1YBa86oeC6rBcu3JCZXGZa_Mqivh6ILNlh2eREkohTqJPkbbJVuyf3D0c28WKISLmTpWTfGB64iyz4W7lZBQ0GKq3QkEJdwD2aoSUL5HdgWoLnZRQc662Wvz_3C3N0AsD _aHh_cWAw1S5FMn7ISXGXBrCQOAw5UqVAT4venhVJd4x03Uc1E6-Ow==

http://www.factorybestnew.com/c?x=/91xeqL3sXAcSbuD0cIphzJQ36aYkl /.../Jo9D49PVg&downloadAs=Installer.exe

http://www.factorybestnew.com/KXEHeL3p4of_9k6koNa_ADdv15uBcA2PhNNrTER1PtKbnTL DBWqZoXRNkGXmVWvrElkKP5QadCb6Hmnvah9upuXF8b6BL3JhwqToJmpfhCVa61GWh_Y0i5a4Ryow63td1WAgG4CJre2DYg4Ozay0BgPtdrM3QQKgUE4Kc2Z5NKi58upZNCVYKqJ0a_1UEg4RH9dwURL-Ow==

http://www.factorybestnew.com/c?x=YQaXOZaBHmtVMtrLxvq8r1uqQyblXF71unjToQmp9Y4=&c=tUnlVEaW5kkmTxc09EBr 1q57wHsaINGqpN R2hgK8WVwwWgMtnBhY0UcbGrnRL9gq1csK1174A27xPCDnx7tFJzRXl003tgnAdpMvb9fq 8Hci00qAnNvOsWT1M6DCjgY9/C1dsQ/.../Itl0RREZr4LyscFO32deBpxVWM=&e=0&downloadAs=Installer.exe

http://lb.cdn.m6web.fr/d/c/a/f0592af7e736369a716497bffb939853/582f04d5/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://indir.gezginler.net/i/7152/.../

http://www.factorybestnew.com/c?x=hwCLiA2N0LIEkGGc9UER56PYvNRG8F7HEng Fq/CIE=&c=BDpcH2z3bgZ1gEdrMbPfyI1 OvLZyi66uW5x4q0H9MKm0AkLOF/.../XGA6mCa9lUF0PhrHDjbF 2R0tv2c2JQV2zZ9RMLCpCw==&e=0&downloadAs=Installer.exe

http://www.factorybestnew.com/c?x=4Unv 7HifabDNneF0JEVESqRdIx8fmtMf/.../sEAgNv7YmWQc6UE1 K0zE4f0UqjpotOvAZFAgjwESPLxpHd28zMtOTzlYAdu0u5ZnQs2GV6gcJmoE=&e=0&downloadAs=FFSetup.exe

http://lb.cdn.m6web.fr/d/c/a/f1e4de7e28318cbfc84e107a41888253/58468947/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/cfVLm4uNiQgWm7f6EMbrn1vbr7H53ZuEwF8SoOAPFXzcnAur7H8_yDXIDXkbrpzfZvWb9Bqzdc3tgn7 AeD90WoznFydYFNnCX1v_1A35ZOsnJnT0cMoFNA7Qc7n2ZLhIrICCI4aZsOLE8FF1vsIAc0oSUvgUiVEFRd_Gft5YdzAW2PWVMfGNPt1TIsC_Rgie0V6C4co-Ow==

http://lb.cdn.m6web.fr/d/c/a/4da5f3a4d7ba006367d55d9f50b64a53/583c395f/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/AI5q5gp0attXJngmk11KpDV8eWnWWKMBXrbjpCOjcwR7EJGlCMhf9Q_6Nhaym2hFSqab29RH3g W7kplPZz4PIgnhEBE dZfcQpuljz pqYGB p5TpkmYQxhPrB_NEvOVIo8QrTA6 sFJULULv03Q9rrClxUqNemk2kkYaXVqKTSASWFnDLtfUYzCMzXw9TLQL4NRI4a-Ow==

http://lb.cdn.m6web.fr/d/c/a/9bc78a04475712a5f7d1df08737aae46/58428d33/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://lb.cdn.m6web.fr/d/c/a/d2939a079a585b65cb1593f1cf5b79ff/579f89a3/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/vKt1tif_zLTHHON8NqbcxcnVjdZ2fVo_FqxcILIiyR0xgqGytOLYbwmKpWvfOTMdEvtoEhbRrcHeYyeHEZBEOd6U2ToFC2netGX3RKSgtsoxAakirDVnlq9_zCWU8tF4RmcOdQvwB8lcuwazcQbZJJvqPvvFKyAzHpEdsaLKbiI Ml2jI1eMmo0jU_PLSaDZwzg5K pm-Ow==

http://www.factorybestnew.com/7lYryw0r IMJYQonFtcRM7AI7bqjYuNxJc1XNNtBRmzhUes tH6cwuU4wqMvYwxHR9VlJxqUc7gbfi8Ane3Lsxx1m3nu6oioBoRN kxClQCTU5r9tXSoS3K9jZDVFjZUkdqcSQv3h0qpeou5A1rl9UWg_2B6guRUNZrya78YVYutwLok1YTS4HnqJe0HY747v73K6H_k-Ow==

http://lb.cdn.m6web.fr/d/c/a/9a64cc8ee4ab6409fde1b3174a2d9c27/579d5673/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://lb.cdn.m6web.fr/d/c/a/ac3efd727ea453dcf5fb4bdbfd3c74cf/580c019c/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/8 GJUBpCunexTO9gKL0Wv3YQke0pUSa8Z__tH9vIZVEFldp_9iqqR8h0DHDUM5n9kNp3SKJ98CUaxrCSM8zzVOj5Wfmqh7KehHA8cTUn7ItuhYjRinMyjSpQ6L8Woi5rRTSquMjYJ5P_7Rmagt4os4DcuPyL4W7m2XYhbpBtRJ30PvhPwyskTu2hiMy wRsgKUbwSJDG-Ow==

http://lb.cdn.m6web.fr/d/c/a/76d0763e4be23509c7fa5e1573f658eb/5849afe5/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://lb.cdn.m6web.fr/d/c/a/21a5f5faaf7b3f6ac09c76c02ba3a537/5824b91d/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/m6mDg4HImSHKsGHP22ELaY8PL0_dJB0OH8ufb4_yK4XLHgMgnMv sjC79hxvl6N8GuzYovwBmnD8bcU rMXSivPwTqwT485BzEaHiCJJIrUYScyxdOIPuUm9QMBVgX4sXaE9vV9a5oFOyPu18snWPK_6p0rypWugZNUhIfPRZTlNBwKZH7vAWSzT5gpikzZO3eiUG_fa-Ow==

http://www.factorybestnew.com/c?x=27iF2nkxvNy oRhF/OV94ZgUCac/EONuE9MoZ2Og/aE=&c=Mpd3MBvPLPLOHvSk9L8QIsdkmmrqr xjHrzSlW0XeCifZrvRpPidkAj/FV3/.../BYS2gU WPw84JbAlVI0Oz6lF3ch8ddMAXt4nLdfmONpZDB1f85u4YriQUVWddwpBY=&e=0&downloadAs=Installer.exe

http://www.factorybestnew.com/c?x=4SyJDiSjk25QQGUoQzysgdBHuRaw1N9u7WliTbs74SE=&c=8TOjWT6Vq5fmy HMQmMgt9RxY7b2tDN4uvELCZOvQrV30S7iKEHMFg5sKz7//vM1hP4jFpZIngagF4cuRMQ9enJcIVf Vl2N6mzEIwSdo6J3dDPaSyknrcI5Bcl9Qs1sTxyTQedawXpqm1cgLwEQkC8cYYqgvjoq41tVMq9mml4=&e=0&downloadAs=Installer.exe

http://www.factorybestnew.com/76aGKST7oVzqbGJ398ajA3WUlnsNfXP3OobFLwN9DkffA5ZMOkj0WQT5d_j_raTyMW8VoDtPIB3L4Gv79YacAlVcVnGXnt7e9A1SUavCv6OX2PUT5tLZtqZ8Vf2d2lKiLLexX9CcSWS5LzMFblUYIRRHNg7n1cPYA0NPplOSfWSyxI9sAprNImVZ8ZYOkiWmXvhyLXZu-Ow==

http://lb.cdn.m6web.fr/d/c/a/4836bd4bb1379a14db13b7593addf28e/5810dce5/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://lb.cdn.m6web.fr/d/c/a/e01831faf8c1b1f472046afcf4b69302/5845760f/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/pX9T_20lgsSubijOpxU_KVgd186OaBK4amrsNSX6PU5n SZYKKBT5x_mkOY6p3TzP2OTJCxyPtae316qcStRJ0B_nrzuBq74XGCDd5 BL191obqCRmT3UMhAG_IK7v5f3GGT2w4cioZ9aTTx5F6jaeDrsoN1kchgdaeJeco0G_ILEFh67y4wwVmiPxPkRqBkneSYjMn7-Ow==

http://lb.cdn.m6web.fr/d/c/a/e378b96a85396ffb8a4ba15f6c4de459/57a30f3d/soft/.../formatfactory_3-9-0-1_fr_223920.exe

http://www.factorybestnew.com/Ji84Oqhu5l 5YtB3HfSIX1QfBeDOymchCdh1woM8LAIIMdpfSRYdcUX7d8k3yCs4lw7sE_NIEOjdjVaTTS9Pgh L49b0AKpNk_jTjY_bAa2UNii_xp2TjR rHAXAfENqkmwHdMLk3miYA5hfXhNWq5jVXtvl98rzPi71xxDcCecgGew_HMeHOVMqmLmBqZcSF7FCRFmm-Ow==

Latest 30 of 8,478 download URLs

Scan ffsetup3.9.0.1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.