home

fg740p.exe

Dynamic Internet Technology Inc.

This is a setup program which is used to install the application. This executable runs as a local area network (LAN) Internet proxy server listening on port 8580. The file has been seen being downloaded from tb26.trainbit.com and multiple other hosts.
Publisher:
Dynamic Internet Technology, Inc.  (signed by Dynamic Internet Technology Inc.)

Description:
Fast and Secure Gateway to Internet Freedom

Version:
7, 4, 0, 0

MD5:
53ccdb89ff5b0bbfc4702a3821fb36fb

SHA-1:
57edc8b94c7595c41b24fc0c9b44a13f4ce945e4

SHA-256:
a5c76a85c67fd7d81c9945432c4cace45014f68703bdcdd688f7cd3943db326a

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 2:53:44 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
HKTL_PROXY
7.2.357

Trend Micro
HKTL_PROXY
10.465.23

File size:
2.8 MB (2,976,536 bytes)

Product version:
0, 0, 0, 0

Copyright:
Copyright (C) 2003-2010

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Dynamic Internet Technology Inc.

Authority:
GlobalSign nv-sa

Valid from:
7/27/2010 9:41:22 PM

Valid to:
7/27/2013 9:41:17 PM

Subject:
CN=Dynamic Internet Technology Inc., O=Dynamic Internet Technology Inc., C=US

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012A154E407D

File PE Metadata
Compilation timestamp:
4/15/2013 9:43:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:UXrl0oM8fkEwTk5Z59/mPkxPqhjSp98srI6cRMs85JIHLJr4PheCeaVVG:UXB0AcEwYL55mPkxPzp98sDsyPICtVV

Entry address:
0xA9FD3

Entry point:
52, BA, 64, 00, 00, 00, 85, D2, 74, 1D, B9, 00, 10, 00, 00, 85, C9, 74, 07, 01, C8, 01, D8, 49, EB, F5, 52, 54, 54, FF, 15, 33, 40, 5D, 00, 5A, 4A, EB, DF, 5A, E9, 00, 10, 57, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 06, 00, C8, 11, 00, 80, 48, 00, 00, 80, 03, 00, 00, 00, 78, 00, 00, 80, 04, 00, 00, 00, D8, 00, 00, 80, 05, 00, 00, 00, F0, 00, 00, 80, 06, 00, 00, 00, C0, 01, 00, 80, 0E, 00, 00, 00, 90, 02, 00, 80, 10, 00, 00, 00, B8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8656  (probably packed)

Code size:
1.1 MB (1,183,744 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8580/

Local host port:
8580

Default credentials:
No


12 Windows Firewall Allowed Programs
Name:
C:\fsh\fg740p.exe

Name:
C:\Programss\Programss\fg740p.exe

Name:
C:\Documents and Settings\HP\Desktop\VPN\fg740p.exe

Name:
D:\Documents and Settings\CD CITY\Desktop\filtershkn\fg740p\fg740p.exe

Name:
D:\fg739p\fg740p.exe

Name:
C:\Documents and Settings\Administrator\Desktop\fg740p.exe


The file fg740p.exe has been discovered within the following program.

Cloob Messenger  by cloob.com
Cloob Messenger bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar. Once accepted, the packaged executable, ConduitInstaller.
www.cloob.com/etc/messenger
About 10% of users remove it
 
Powered by Should I Remove It?

The file fg740p.exe has been seen being distributed by the following 16 URLs.

http://tb26.trainbit.com:8080/files/8454481884/.../

http://download1648.mediafire.com/4q4h2x6hjm2g/.../fg740p.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_1007_AIxUfbwAAA5SUlOICAAAADdaQOw&fid=Sent&pid=2&clean=0&appid=YahooMailNeo&ymreqid=2bed0d28-3b3e-b961-0128-bb004f010000

https://bigdeltakab.info/b/http://download1us.softpedia.com/dl/bb55cdbc871b20349424325cfbd83998/51c96e91/100126546/software/.../fg740p.exe

http://s6.uplod.ir:182/d/.../Free Gate 7.4 [Endword.rzb.ir].exe

http://s2.picofile.com/d/.../fg740p.exe

http://f30.softwaretop.net/2107tmp/cf/soft/2013/8/ba/.../fregate_740.exe

http://cdn-us.filecluster.com/.../fg740p.exe

http://wiggio.com/get_document.php?docid=6221509

https://ir2-attach.ymail.com/xe.f1727.mail.yahoo.com/.../securedownload?m=YaDownload&mid=2_0_0_3_3105_ACgJDNkAAAKYU71K0QAAAGXZbJg&fid=Draft&pid=2&clean=0&appid=YahooMailNeo&cred=lB.ZekQOxnEjZY7xKWbo.j3RpzGnN20c87.IKtF3b9WcizMcpMscxn_JQA--&ts=1410363704&partner=ymail&sig=BVZrLR1A_XgwdKUXwnU6_w--

https://doc-00-14-docsviewer.googleusercontent.com/viewer/securedownload/dsn1aovipa7l846lsfcf94nedj8q2p4u/boates7qd4ooprdvbthus8vc3h7l7f6p/1379166300000/ZXhwbG9yZXI=/.../MEIwWnFFZUdMSlJXNk1YcDRlVVJzTlRNdE5XTQ==?sec=AHSqidZgjoCfgJagOYMLlu6zXs6cXXZm4JXQv0wCktMZh4-aSbMjST0MxytCvKkFS3FVHPdCOnPk&a=dl&filename=fg740p.rar&rel=rar;r1;fg740p.exe&nonce=ad856tg2fmasm&user=AGZ5hq8BgbJY1gwaOYx83cPOdNw6&hash=0nu3pbgt9gtbkpi39o78habtd89vhumc

http://bayanbox.ir/.../67736209110913027?download

http://www.filecluster.com/.../155374.html

http://dongtaiwang.com/loc/software/fg/.../fg740p.exe

http://us.dongtaiwang.com/loc/software/fg/.../fg740p.exe

https://app.box.com/index.php?rm=box_download_shared_file&shared_name=ce54bfiunj1levzif161&file_id=f_7697978648

Scan fg740p.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.