» fms-installer.exe
Overview
Analysis
File Details
Downloads (20)

fms-installer.exe

This is a setup and installation application. The file has been seen being downloaded from www.bytesendclear.com and multiple other hosts.

File name:

fms-installer.exe

MD5:

ee1a7b9d4a18c0d9aa456638048b5e89

SHA-1:

f83c56d8936d9b23f8cc4f39f6bbae2869d763c5

SHA-256:

042849e23bfe8f23ea214a22fda828c9ff7d0164b154eda43eb118c7df7d7675

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 1:23:46 AM UTC (today)

File size:

5.9 MB (6,190,628 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\fms-installer.exe

File PE Metadata

Compilation timestamp:

10/6/1999 5:33:39 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.0

CTPH (ssdeep):

98304:98wAWRwsY2KXy3uvqzDJRIkRv8b7Uowx2TlXP5H1X44cPrTZYpYOg+hPlndlg05h:98wDRwbXyZDJSki7UWp/5H1otTZYacBh

Entry address:

0x1020

Entry point:

55, 8B, EC, 81, EC, 14, 04, 00, 00, 53, 56, 57, 6A, 00, FF, 15, 08, 41, 40, 00, 68, 00, 50, 40, 00, FF, 15, 04, 41, 40, 00, 85, C0, 74, 29, 6A, 00, A1, 00, 20, 40, 00, 50, FF, 15, 20, 41, 40, 00, 8B, F0, 6A, 06, 56, FF, 15, 1C, 41, 40, 00, 6A, 03, 56, FF, 15, 1C, 41, 40, 00, 33, C0, E9, 0C, 03, 00, 00, 68, 02, 7F, 00, 00, 33, F6, 56, FF, 15, 14, 41, 40, 00, 50, FF, 15, 10, 41, 40, 00, 68, 00, 02, 00, 00, 8D, 85, EC, FD, FF, FF, 50, 56, FF, 15, 00, 41, 40, 00, 56, B8, 00, 00, 00, 80, 50, 8D, 8D, EC, FD, FF... 
[+]

Entropy:

7.9994

Developed / compiled with:

Microsoft Visual C++

Code size:

2.5 KB (2,560 bytes)

The file fms-installer.exe has been seen being distributed by the following 20 URLs.

http://www.bytesendclear.com/2WoaACeIcNU5Br8OfB6r3L2Fsdaqhv0ff2k0cEIY6CPVc3w1bSvqr3k8jLTZzUCRg8WAMt3SZ11BRQLrBrYp1yQ9exnDaZxbvnZ2qPNBSUWSSbK0I4wHuOsxzA7gdd0rgb1nH x1JCAfFZy2zasXLJEBbbQYMOPFtkJI D8d4eXCjB38djXaM1a42ShE5KbCaAhw1PlFMrSXXMN0LFBhiKtbtz0g5G3URU7RWLVnI4h87d5KkNx iOeU5cbsdDEzKcVdUmxUGIQ1xMTI8grKYCO0aa 6aOwZfTE7GYvna07Eo AFaIiDJp8B6SmQ4bjrRx40YOKdmc ic e4kHd1aZyP37ToLhoDWuNWRtC62cPwXWczEhQ7daKYInGX2yPxhdcNH dWF1rTzzf87Ee7ImGlxbR4vZxl2fFUjRHk2V5GTPY5s15 jBovyNnRaudGjWEwaS5AvMq9vRlWqmB6LbfPE _ccj8qqPiS9xJxh9c_ab2hPsis1FeX7oc91aIUa73zx0i_uhjIAln4O2g0z1Kfrc6VkBkv5J39qfFt63VjMDQRXDFOwVcLxd83FQycLF9w8C_DsWushrcxHTchke9Y7npThCaBEMUbdpBy9gR4xUyIZUQ=-G08AAGRwXkxjyDpDpgaDQw4cvmsGgWCgwcbYuYIgvVxjjAJwJ9TKTut_Pas6bIH6RUx9daXmuaBevUOWdT4pJD43ULR_rsnCBG55Aw==-E

https://dw.uptodown.com/dwn/y5a1eRAnHrJmFJ5pRDFX4HvL1MqVX5F0u77Xk4pb7EQPIqRN1y98DdUE7RZYc-9GrPvU8mZvz1jWEZialIpRMMMHzTgmeyEUP4MOHT8VxaAga-9Grvv60a1_d8nBzdnc/Mcaph5ZI0JmUpyMSEM4Uq5GGXy8LwMl8ddMoGe_tgiMp2xYaFzlQcs5tLLY1QKJ9QMpaeNx2xCM3fdMqyii-SyCZijCd0DGhl9fs9m5SOjXA3-w4oR95u9IzfOF9IGrR/c_Sq9OYP-DR3xV97N3YIDQjjmRrVEoOIJMetpBYMutTIcv9awnxha4zHMGGjn2RXGHUspFVFyIOaCRufbi1N98jt7JMrG4wY8FCQUVOqpwf6d2TnOQwqWDyutI-w3HYA/.../

http://www.gws.com.tw/.../fmsdisk01.exe

http://dw.uptodown.com/dwn/3iY0zXPJkjRBtapu8YI3sceegRpuwuGeHXC3tnshT_iBiaPscX-WpKouqHiDRhEtsCCk0uPUCq3sjWoBvz6A8Lz7KGcuDxi5YVswcQNwcY6Ks5OhJkvIaz-BJ3q_wNTr/kRPbm2YPH_QCyTvcF6AKFbJUSnbGILiTAR6v-DDjK-9t5UCu-kmpO66v5NmsFaDqKHMYCgEWBqyHlL_3VoP5pmVyXdfgLlUnIkBl9TRBczk2caG36oxW0ABv6HWa4sNW/hNqzFimx7wE4NVjiTh_JJjGTclIThzbH2SifeK1YhH3puW2YYlyB_7VIGRgv_dXyFeJj88Jfoxr2k40myRJ82DUG8wvIihKQ0NP_zbSbd-omVy74gTLJQsuS0IIJyLmP/.../

http://dw.uptodown.com/dwn/_ZyrW3A52rRzbMmYIA7XK8WdZoHCG8YiVtgq2OBjRsuHOhhuaB6XOiNK-AtIfZpN0YqclN4mTiniMOCXHmExl-FoN_uf5zdKmQKKxyt6RL0GKac8y4o9OlQHIGsbPZDX/Sfb7bvUJtuaUF7Rd_R1k3po7nmhBxEAYw9bCWcuGJWK1NF4VzA4ftva_s-3MVwIyEFs7oz4fS5etSvpP1R1nIcMzGt5x9nKpGvEKIu-vATejbcDQvov02V7_2d_S4Ug5/qBlyOPWcBvYU-lDozmsRKY2UUm6NBvMhgdOM8zaHuCJW9n2kxYZCa401cnPDBGHmiGnV6W1KDj1qrWcrnQ9KWtlFbmRYuGdlgQ78f1YmyHBryWbb9N5LSb_QAA-FeTsc/.../

http://marcelluswallace.free.fr/.../fmsdisk01.exe

http://dw.uptodown.com/dwn/ICIBf95exwAKAx4E6Gc0gi7VNFXDWm5U8TlpPcYeVlWgscpQALgwRD-sbrmsoc59yTfCVwbWbG2_JwvoH7X3GyQ9MsI55HVW2ziZwU1Tczap7d1IaBODBf1aGl6TxBiO/-5c-s0fjRlPev3NKCXhLzf5p8mfI46k-wtb9ynqiPOR-FlAyYdJaJTpkCjom4zW42s3GbEI5kAFObjcVJdHIDbEDU4AERDBke_NffMv8oBJ0hM_IZTbOPZJuUVmoYVTa/NASaZixetdA89MLA-b-YHKXzkxhCqKOfO3EUoGMstD8kZYIMOPy8akqmcsxuJSjGGifRCjwFNS1OrTYc1FG-OmnJmo0lRpniChJKHnwZB89MkB34RCvnlBFT4Prjfm42/.../

http://indir.gezginler.net/i/5999/.../

http://dc100.4shared.com/download/.../FMS-Installer.exe

http://www.modelsimulator.com/.../fmsdisk01.exe

http://s10563.chomikuj.pl/File.aspx?e=Se2RV4n3r_NcFO1j9i_eBAy_MsFVm_iv8W-FmHokppmWRmppn6cymyOASVRCjo4pACW_AmHmKA13AzBukvRuLVA0q3Ve35QaZ1NEzQS9zRz6uGHZxKC8mSF_o-AJKkQPgoGIltMDP_Ae7dbWSHDi4g&pv=2

http://dw.uptodown.com/dwn/F9zfHY5OeZpBnP7gfk6XXxT7fLIw354JodevkKmBljsGGFt3WcwC1o1Hz5kz-UaKqV4ZkMTdV_vHZU4jtKwEoQELS9ruCijVCOW0bO_DA9yrqHGURToZQywIAGJQlvKk/K-dZoxynfWMY8YVjtB7CnFoSW-VNBg8mdO_vw4jWm-y9fwtYM79uVK-l42spYxh1WwH2xcO1Kf23pVA4b7AkoYx-neOEuv-s9VoI7i35JzDQNdakiUkd3yOOJNXbyIxN/xpsSrfjKGH7faLvJFyBnDDyO8aBhBUchB4qd7IvNpxBss5NZnbOVermv5dxufHmLXw4D20DLP3uPu2EbzPSvvc6K6v4UOMhQdTTZ9YKTEwwu_k_yFMp96a8WQC5mwkcK/.../

http://dw.uptodown.com/dwn/_3cI50F0mzSmZ3PYWg26LyAJIAC9_qEgaPoz3G3P2olfOU76NXOYZu8VtuA8U1LEIlNLfmvdgmDXKH2IZ35MCo1Qv0BLCyMptJPrlky6EvrcmIg5ZNSXNNqVBEbEvgsR/Y8TjB6CSvwW50EFIC0_0Y5X-tMzOZ873zwhyJF5Fe8SQMUlLkM69t1WRcZhmlODp6HLhWuerxqPA-vOaomeCZ_-Vwr_RQSU53E4eftUnu_MsC7XnIxtPMnI1SsdkKR2L/.../

http://dw9.it.uptodown.com/dw/1422804527/.../flying-model-simulator-2.0-b7.exe

http://dw9.it.uptodown.com/dl/1422800848/.../flying-model-simulator-2.0-b7.exe

http://dw.it.uptodown.com/dl/1422800848/.../flying-model-simulator-2.0-b7.exe

http://www.heliguy.com/media/.../fmsdisk01.exe

http://www.heliguy.com/.../fmsdisk01.exe

http://modelsimulator.com/.../fmsdisk01.exe

http://www.microflight.com/.../FMS-Installer.exe

Scan fms-installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.