ffv_z_setup.exe

Free File Viewer

Bitberry Software ApS

The application ffv_z_setup.exe, “Free File Viewer for PDF, DOC, DOCX, RTF, XLS, etc.” by Bitberry Software ApS, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore monetization download manager to download additional third-party applications that may be unwanted by the user. The file has been observed being downloaded from us03.procloudstorage.com and multiple other hosts.
Publisher:
Bitberry Software   (signed by Bitberry Software ApS)

Product:
Free File Viewer

Description:
Free File Viewer for PDF, DOC, DOCX, RTF, XLS, etc.

Version:
2014.2.16.0

MD5:
da7e8c570fb248dceee847b55cc8fb4c

SHA-1:
78778a72c78a14bfc15b7c631163c9405520d11b

SHA-256:
a32734425190953769a548a10093107b33ed6598aabb6df4521e010d1189e9f1

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:40:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Searcher.2650 | 9.0.1.0230 |
| ESET NOD32 | Win32/FileTypeAssistant (variant) | 8.10039 |
| Reason Heuristics | PUP.Optional.Installer.L | 14.8.18.1 |

File size:
20.6 MB (21,642,048 bytes)

Product version:
2014.2.16.0

Copyright:
Copyright © 2010-2013 Bitberry Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ffv_z_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/20/2013 8:00:00 AM

Valid to:
11/19/2016 7:59:59 AM

Subject:
CN=Bitberry Software ApS, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bitberry Software ApS, L=Holbæk, S=Alberta, C=DK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
23118AB330BEB5704ADCCE30BBB04D23

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:7F2saoXpylZ2+Auqf4EENxkTG3up0MGqKMvP+81fmgTbAvgjVSziULWDW4wrk1+i:7F2sLsZ2nHYNxk4udt1vmtgTbDjKkniE

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9999

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file ffv_z_setup.exe has been seen being distributed by the following 4 URLs.
