FormatFactory.exe

FormatFactory

chen jun hao

The application FormatFactory.exe, signed by chen jun hao, has been flagged as a potentially unwanted program by 4 of 68 anti-malware scanners; all four verdicts are generic or heuristic names (TR/Patched.Gen, HW32.Stranact, Malware.QVM19.Gen, PUP.chenjunhao), not a named malware family. This file is typically installed with the program Format Factory by Free Time. While running, it connects over HTTP (TCP port 80) to mine.monitormaildepot.net and interest.monitormaildepot.net, and to a large number of residential hosts on TCP port 6881, the default BitTorrent listening port. The whole-file entropy of 7.18 is high for an unpacked PE, but for a 5.9 MB media converter whose code section is 1.9 MB it is just as consistent with compressed embedded resources as with a runtime packer; check section-level entropy before concluding either way. The compilation timestamp (8/24/2015) falls inside the code-signing certificate's validity window (6/25/2013 to 6/25/2016), but the certificate has since expired, so the signature stays valid only if it carries a countersignature timestamp from inside that window, which this page does not record. Confirm the SHA-256 below against the file in hand before acting on any of this.
Publisher:
Free Time  (signed by chen jun hao)

Product:
FormatFactory

Version:
3.7.0.0

MD5:
9130f710b265d46fab1e2ebf12603783

SHA-1:
2af1678f1edff8776cd700d7325029645c2b8922

SHA-256:
29468948a72b1fcadbc2e280159f9752457d683583d5270f5d6d783bd9bb7342

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
10/22/2018 10:13:41 PM UTC

Scan engine          Detection            Engine version
Avira AntiVirus      TR/Patched.Gen       7.11.30.172
Bkav FE              HW32.Stranact        1.3.0.4246
Qihoo 360 Security   Malware.QVM19.Gen    1.0.0.1015
Reason Heuristics    PUP.chenjunhao (M)   15.8.25.17

File size:
5.9 MB (6,196,040 bytes)

Product version:
3.7.0.0

Copyright:
Copyright (C) 2008 - 2015

Original file name:
FormatFactory.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\freetime\formatfactory\formatfactory.exe

Digital Signature
Signed by:
chen jun hao
Authority:
GlobalSign nv-sa

Valid from:
6/25/2013 12:09:13 PM

Valid to:
6/25/2016 12:09:13 PM

Subject:
CN=chen jun hao, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata
Compilation timestamp:
8/24/2015 3:17:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:inCDdi/b5akhkYLQVK5CE30oJdrEgMMMMMMMMLMMMMMMMMMMmxghAxMfRdojGko7:NDdYZNkoAHcAxP+ew

Entry address:
0x1BEA3F

Entry point (first bytes at the entry address; E8 = call rel32 followed by E9 = jmp rel32 is the shape of the usual MSVC CRT start stub):
E8, 8D, 0D, 00, 00, E9, 49, FE, FF, FF, 3B, 0D, 00, 23, 66, 00, 75, 02, F3, C3, E9, 3D, 00, 00, 00, 55, 8B, EC, FF, 15, 78, 5A, 5E, 00, 6A, 01, A3, CC, D0, 68, 00, E8, 73, 0E, 00, 00, FF, 75, 08, E8, 71, 0E, 00, 00, 83, 3D, CC, D0, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 59, 0E, 00, 00, 59, 68, 09, 04, 00, C0, E8, 5A, 0E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 89, 0E, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, B0, CE, 68, 00, 89, 0D, AC, CE, 68, 00, 89, 15, A8, CE, 68, 00...

Entropy:
7.1811

Code size:
1.9 MB (1,974,784 bytes)
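The hash, entropy and PE header values listed above can be reproduced offline with nothing but the Python standard library. The script below is an added example, not code from this page or from Format Factory. It reads the COFF and optional headers at the offsets fixed by the PE/COFF specification, computes the three digests and the Shannon entropy, and compares the SHA-256 with the one reported above (PAGE_SHA256). Because the real binary is not on the page, build_sample_pe constructs a headers-only PE32 image whose field values are chosen to mirror the ones reported here; the UTC interpretation of the compile timestamp is an assumption.

```python
"""Offline PE triage: hashes, Shannon entropy and the header fields a scanner
page reports (compile time, OS version, subsystem, linker, entry point).
Added example; uses only the Python standard library."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# SHA-256 reported on the page for FormatFactory.exe 3.7.0.0
PAGE_SHA256 = "29468948a72b1fcadbc2e280159f9752457d683583d5270f5d6d783bd9bb7342"

MACHINES = {0x14C: "Win32", 0x8664: "Win64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 hex digests of the whole file."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; values close to 8 mean compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional headers (offsets per the PE/COFF spec)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe_off + 4
    machine, _nsect, stamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Offsets 40 (OS version) and 68 (Subsystem) are identical for PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": MACHINES.get(machine, f"machine {machine:#x}"),
        "compile_time": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
    }


def triage(data: bytes) -> dict:
    """Header fields plus digests, entropy, a packing hint and the page-hash check."""
    info = parse_pe_header(data)
    info.update(file_hashes(data))
    info["entropy"] = round(shannon_entropy(data), 4)
    # Whole-file entropy above ~7 is only a hint; section-level entropy decides.
    info["packing_hint"] = info["entropy"] > 7.0
    info["matches_page_sha256"] = info["sha256"] == PAGE_SHA256
    return info


def build_sample_pe() -> bytes:
    """Constructed headers-only PE32 image (NOT the real file) whose field values
    mirror the ones the page reports, so the parser can be exercised offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew -> PE header at 64
    stamp = int(datetime(2015, 8, 24, 15, 17, 50, tzinfo=timezone.utc).timestamp())  # assumed UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 3, stamp, 0, 0, 224, 0x102)  # i386, 3 sections
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 12, 0, 1974784)  # PE32, linker 12.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1BEA3F)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                    # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                        # Subsystem: Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k:>20}: {v}")
```

Run it with the path of the real FormatFactory.exe as the only argument; with no argument it triages the constructed sample. Only matches_page_sha256 being True ties the file in hand to this page; a matching name, version string or signer does not.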

The file FormatFactory.exe has been discovered within the following program.

Format Factory  by Free Time
About 8% of users remove it

The executing file has been seen to make the following network communications in live environments.

Protocol     Host                                        Address
TCP (HTTP)   interest.monitormaildepot.net               67.229.68.202:80
TCP (HTTP)   mine.monitormaildepot.net                   67.229.68.206:80
TCP          net-37-119-38-52.cust.vodafonedsl.it        37.119.38.52:6881
TCP          host-197.33.35.36.tedata.net                197.33.35.36:57687
TCP          client-181-42-38-91.imovil.entelpcs.cl      181.42.38.91:57626
TCP          ppp-146-68.26-151.wind.it                   151.26.68.146:6881
TCP          mc-80-168.tm.net.my                         203.106.80.168:6881
TCP          hn.kd.ny.adsl                               125.45.106.54:6881
TCP          cm-27-145-53-36.revip12.asianet.co.th       27.145.53.36:6881
TCP          bfbb8423.virtua.com.br                      191.187.132.35:6881
TCP          39.net-182.kaluga.ru                        5.143.182.39:6881
TCP          109.251.150.140.freenet.com.ua              109.251.150.140:6881
TCP          061093143239.ctinets.com                    61.93.143.239:51874
TCP (HTTP)   x177.dataglobe.eu                           212.92.23.177:80
TCP          ppp-124-122-44-114.revip2.asianet.co.th     124.122.44.114:6881
TCP          host-197.34.105.187.tedata.net              197.34.105.187:6881
TCP          host-156.194.106.10-static.tedata.net       156.194.10.106:6881
TCP          gw13eth0-8.hexato.com.br                    186.219.160.48:6881
TCP          entrenanet--191-5-177-37.enn.net.br         191.5.177.37:6881

Only the named HTTP hosts (the two monitormaildepot.net names and x177.dataglobe.eu) are stable enough to use as indicators. The remaining entries are residential ISP addresses reached on 6881, the default BitTorrent port, or on high ephemeral ports; they rotate from run to run and belong in a behavioural rule (egress to 6881 from a host that should not run P2P software), not in a block list.
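Added example, not from this page or from Format Factory: it parses a subset of the entries above, copied in the page's own "Connects to" wording, into an indicator list, separates the named HTTP hosts from the residential peers, and runs both kinds of check over constructed Zeek-style conn.log rows. The log rows, the internal address 10.0.0.5 and the peer 198.51.100.7 are invented for the demonstration; the IP:port pairs in PAGE_CONNECTIONS are the page's.

```python
"""Turn the page's 'Connects to ...' entries into indicators, separate stable
infrastructure from ephemeral peers, and check connection-log rows against them.
Added example; not part of the page or of Format Factory."""
import re
from collections import Counter

# Subset of the page's network entries, in the page's own format.
PAGE_CONNECTIONS = """
TCP (HTTP): Connects to interest.monitormaildepot.net  (67.229.68.202:80)
TCP (HTTP): Connects to mine.monitormaildepot.net  (67.229.68.206:80)
TCP: Connects to net-37-119-38-52.cust.vodafonedsl.it  (37.119.38.52:6881)
TCP: Connects to host-197.33.35.36.tedata.net  (197.33.35.36:57687)
TCP: Connects to mc-80-168.tm.net.my  (203.106.80.168:6881)
TCP (HTTP): Connects to x177.dataglobe.eu  (212.92.23.177:80)
"""

LINE_RE = re.compile(
    r"^(?P<proto>TCP(?: \(HTTP\))?): Connects to (?P<host>\S+)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)$"
)

BITTORRENT_DEFAULT_PORT = 6881  # well-known default listening port of BitTorrent clients


def parse_page_connections(text: str) -> list:
    """One dict per 'Connects to' line: host, ip, port and whether it was HTTP."""
    iocs = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        iocs.append({"host": m["host"], "ip": m["ip"], "port": int(m["port"]),
                     "http": "HTTP" in m["proto"]})
    return iocs


def classify(iocs: list) -> dict:
    """Named HTTP hosts are stable indicators worth alerting on; hosts reached on
    the BitTorrent port or on high ephemeral ports are residential peers whose
    addresses change constantly and make poor block-list entries."""
    infra = [i for i in iocs if i["http"]]
    peers = [i for i in iocs if not i["http"]]
    return {"infrastructure": infra, "peers": peers,
            "ports": dict(Counter(i["port"] for i in iocs))}


# Constructed Zeek-style conn.log rows: ts, orig_h, orig_p, resp_h, resp_p, proto
SAMPLE_CONN_LOG = [
    "1540246421.0\t10.0.0.5\t49213\t67.229.68.206\t80\ttcp",   # page IOC (C2-like host)
    "1540246422.0\t10.0.0.5\t49214\t93.184.216.34\t443\ttcp",  # unrelated traffic
    "1540246423.0\t10.0.0.5\t49215\t203.106.80.168\t6881\ttcp",  # page-listed peer
    "1540246424.0\t10.0.0.5\t49216\t198.51.100.7\t6881\ttcp",  # unknown peer, P2P port
]


def match_conn_log(rows: list, iocs: list) -> list:
    """Exact ip:port hits against the indicator list, plus any egress to 6881
    reported as P2P activity even when the peer is unknown, because peers rotate."""
    by_endpoint = {(i["ip"], i["port"]): i["host"] for i in iocs}
    hits = []
    for row in rows:
        ts, orig_h, _orig_p, resp_h, resp_p, _proto = row.split("\t")
        port = int(resp_p)
        host = by_endpoint.get((resp_h, port))
        if host is not None:
            hits.append({"ts": ts, "src": orig_h, "dst": f"{resp_h}:{port}",
                         "kind": "ioc", "host": host})
        elif port == BITTORRENT_DEFAULT_PORT:
            hits.append({"ts": ts, "src": orig_h, "dst": f"{resp_h}:{port}",
                         "kind": "p2p-port", "host": None})
    return hits


if __name__ == "__main__":
    iocs = parse_page_connections(PAGE_CONNECTIONS)
    print("connections per port:", classify(iocs)["ports"])
    for hit in match_conn_log(SAMPLE_CONN_LOG, iocs):
        print(hit)
```

The exact-match branch is what a block list or IDS rule would implement for the monitormaildepot.net hosts; the port-only branch is the behavioural rule that still fires when the peer addresses have changed since this page was captured.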
