FormatFactory.exe

FormatFactory

chen jun hao

The application FormatFactory.exe by chen jun hao has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Format Factory by Free Time. While running, it connects to the Internet address mine.monitormaildepot.net on port 80 using the HTTP protocol.
Publisher: Free Time (signed by chen jun hao)
Product: FormatFactory
Version: 3.6.0.0
MD5: 04e66ee5570c1e8c838261ba36681b99
SHA-1: 2445bd36586d07ecf34f1e361d9004fbe93ce308
Scanner detections: 4 / 68
Status: Potentially unwanted
Analysis date: 10/22/2018 10:18:49 PM UTC

Scan engine        | Detection         | Engine version
Avira AntiVirus    | TR/Patched.Gen    | 7.11.30.172
Bkav FE            | HW32.Stranact     | 1.3.0.4246
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Reason Heuristics  | PUP.chenjunhao    | 15.2.15.21

File size: 5.5 MB (5,723,464 bytes)
Product version: 3.6.0.0
Copyright: Copyright (C) 2008 - 2015
Original file name: FormatFactory.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\freetime\formatfactory\formatfactory.exe

Digital Signature
Signed by: chen jun hao
Authority: GlobalSign nv-sa
Valid from: 6/25/2013 6:09:13 AM
Valid to: 6/25/2016 6:09:13 AM
Subject: CN=chen jun hao, C=CN
Issuer: CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE
Serial number: 11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata
Compilation timestamp: 2/14/2015 12:50:06 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 98304:UWN59mvvdrhCfrgwV0LcjtMAKaqV/4CligMMMMMMMMLMMMMMMMMMMmxghAxMfnd2:Us59mq1BMsqV/4giHcAxB+eD
Entry address: 0x1BD8D9

Entry point:
E8, 83, 0D, 00, 00, E9, 49, FE, FF, FF, 3B, 0D, 00, D3, 65, 00, 75, 02, F3, C3, E9, 3D, 00, 00, 00, 55, 8B, EC, FF, 15, 2C, 39, 5E, 00, 6A, 01, A3, 9C, 7F, 68, 00, E8, 69, 0E, 00, 00, FF, 75, 08, E8, 67, 0E, 00, 00, 83, 3D, 9C, 7F, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 4F, 0E, 00, 00, 59, 68, 09, 04, 00, C0, E8, 50, 0E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 7F, 0E, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 7D, 68, 00, 89, 0D, 7C, 7D, 68, 00, 89, 15, 78, 7D, 68, 00...
Code size: 1.9 MB (1,969,152 bytes)

The file FormatFactory.exe has been discovered within the following program.

Format Factory by Free Time (about 8% of users remove it)
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): mine.monitormaildepot.net (67.229.68.206:80)
TCP (HTTP): interest.monitormaildepot.net (67.229.68.202:80)
TCP: host-static-93-117-171-157.moldtelecom.md (93.117.171.157:6881)
TCP: host-156.202.67.205-static.tedata.net (156.202.205.67:6881)
TCP: dynamic-ssa-177-131-216-176.simtv.com.br (177.131.216.176:6881)
TCP: Doze254-50.dozeinternet.com (103.239.254.50:6881)
TCP: bb7ad9e7.virtua.com.br (187.122.217.231:49249)
TCP: b1c3919c.virtua.com.br (177.195.145.156:6881)
TCP: b1237b02.virtua.com.br (177.35.123.2:6881)
TCP: 201-69-85-135.dial-up.telesp.net.br (201.69.85.135:6881)
TCP: 200-103-211-186.ctame210.dial.brasiltelecom.net.br (200.103.211.186:6881)
TCP: 177-93-141-29.marinter.com.br (177.93.141.29:6881)
TCP: 142-217-241-183.telebecinternet.net (142.217.241.183:6881)
TCP: 138.118.20-176.clik.sfnet.com.br (138.118.20.176:6881)
TCP (HTTP): mx-ll-110.164.6-167.static.3bb.co.th (110.164.6.167:80)
TCP (HTTP): mx-ll-110.164.16-30.static.3bb.co.th (110.164.16.30:80)
TCP: c94ae233.virtua.com.br (201.74.226.51:6881)
TCP: 191-193-171-58.user.vivozap.com.br (191.193.171.58:6881)

Powered by Reason Core Security