formatfactory-311-32-bits.exe

NO ZEBRA NETWORK LTDA

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application formatfactory-311-32-bits.exe by NO ZEBRA NETWORK LTDA has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the installCore installer. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware, which is installed on a user's PC during setup using the InstallCore platform.
Publisher:
NO ZEBRA NETWORK LTDA  (signed and verified)

MD5:
8b6bce6221cbc9427c1f92aab58ca43f

SHA-1:
c2642afb0de0a8178a9780724a76a304b5d63d0f

SHA-256:
3ffd4dbc03b01960ce2fd25a40eaa4d2681287227d93d7f3d6bdd63b4978842d

Scanner detections:
26 / 68

Status:
Adware

Explanation:
This software bundler installs other potentially unwanted software, including DealPly, which places offers in a user's web browser that state they are "Powered by DealPly".

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 6:53:56 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.940242 | 549 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | Adware/Installco.AB | 7.11.102.144 |
| Bitdefender | Application.Generic.940242 | 1.0.20.1085 |
| Comodo Security | Application.Win32.InstallCore.AB | 16940 |
| Dr.Web | Adware.InstallCore.107 | 9.0.1.0217 |
| ESET NOD32 | Win32/InstallCore.BY (variant) | 9.10875 |
| Fortinet FortiGate | Riskware/InstallCore | 8/5/2015 |
| F-Prot | W32/InstallCore.R3.gen | v6.4.7.1.166 |
| F-Secure | Application.Generic.940242 | 11.2015-05-08_4 |
| G Data | Application.Generic.940242 | 15.8.24 |
| herdProtect (fuzzy) | | 2015.9.11.2 |
| IKARUS anti.virus | PUA.SoftwareBundler | t3scan.1.8.5.0 |
| Malwarebytes | | v2015.08.05.01 |
| McAfee | Artemis!DF70453DBFF9 | 5600.6683 |
| Microsoft Security Essentials | | 1.163.1557.0 |
| MicroWorld eScan | Application.Generic.940242 | 16.0.0.651 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dcuoat | 0.28.6.63850 |
| Qihoo 360 Security | Win32/Virus.Adware.dc7 | 1.0.0.1015 |
| Reason Heuristics | PUP.NOZEBRANETWORKA.Installer (M) | 15.8.4.21 |
| Rising Antivirus | PE:Malware.InstallCore!6.4 | 23.00.65.15803 |
| Sophos | Generic PUA MC | 4.98 |
| SUPERAntiSpyware | | 9711 |
| Trend Micro House Call | TROJ_GEN.R0CBH01H213 | 7.2.217 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | InstallCore | 21492 |

File size:
643.9 KB (659,320 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\formatfactory-311-32-bits.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/30/2012 9:00:00 PM

Valid to:
7/31/2013 8:59:59 PM

Subject:
CN=NO ZEBRA NETWORK LTDA, O=NO ZEBRA NETWORK LTDA, STREET=R PASTEUR 463, L=BATEL CURITIBA, S=PARANA, PostalCode=80250080, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
26556D2FFBCEFA88C86C73FAA9F72A54

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:jR8kyMJfsoULtyefExEL52EyE6Wq45t4yXijqHYSgCWDqYJ78AV+ytTHApWN7i4E:l8kyMJfs955fVSk15SEiW4sWb8A7HAE4

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file formatfactory-311-32-bits.exe has been seen being distributed by the following URL.
