filedoumi_setup.exe

FileDoumi

(주)네오유엑스

The application filedoumi_setup.exe, “FileDoumi Setup” by (주)네오유엑스, has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from down.filedoumi.co.kr.

Publisher:
Copyright CIPHERLOGIS All rights reserved. (signed by (주)네오유엑스)

Product:
FileDoumi

Description:
FileDoumi Setup

Version:
3.0.0.0

MD5:
e25c334f28f806657cf4ddde424b09ab

SHA-1:
b3fbb90c5d3fda6d772e74593e563631bff3ba8a

SHA-256:
cd7b9fde4eecb66dbfe539b9a9b3a78e76b1699a124b047c4dd84734aebf0430

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 9:59:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.NMJ | 734 |
| Avira AntiVirus | TR/ATRAPS.Gen2 | 7.11.135.232 |
| AVG | MalSign.Generic | 2016.0.3212 |
| Bitdefender | Adware.Agent.NMJ | 1.0.20.160 |
| Comodo Security | UnclassifiedMalware | 17908 |
| Emsisoft Anti-Malware | Adware.Agent.NMJ | 8.15.02.01.02 |
| ESET NOD32 | Win32/Adware.Kraddare.FX (variant) | 9.9520 |
| Fortinet FortiGate | Riskware/Kraddare | 2/1/2015 |
| F-Secure | Adware.Agent.NMJ | 11.2015-01-02_1 |
| G Data | Adware.Agent.NMJ | 15.2.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.2.29 |
| Malwarebytes | Adware.K.OpenTab | v2015.02.01.02 |
| McAfee | Artemis!E25C334F28F8 | 5600.6868 |
| MicroWorld eScan | Adware.Agent.NMJ | 16.0.0.96 |
| nProtect | Adware.Agent.NMJ | 14.03.09.01 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27260 |

File size:
1.8 MB (1,867,160 bytes)

Product version:
3.0.0.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\roaming\filedoumi\filedoumi_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/3/2011 8:00:00 AM

Valid to:
12/3/2012 7:59:59 AM

Subject:
CN="(주)네오유엑스 ", O="(주)네오유엑스 ", L="Guro-gu ", S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6896C85E82B7D9999B1E18C73F047B4E

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:XadEeoOVpNJsRxaP6aVGaeNHBXKr8rvAAA+yUinXBgi:qdElssjaP1VYNZvrA5Rgi

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
Entropy:
7.9933

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file filedoumi_setup.exe has been seen being distributed by the following URL.

http://down.filedoumi.co.kr/.../FileDoumi_Setup.exe
