FormatFactory.exe

FormatFactory

chen jun hao

The application FormatFactory.exe by chen jun hao has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Format Factory by Free Time. While running, it connects to the Internet address mine.monitormaildepot.net on port 80 using the HTTP protocol.
Publisher:
Free Time  (signed by chen jun hao)

Product:
FormatFactory

Version:
3.6.0.0

MD5:
c20ff01b2cdbc0ccabee37aba8989f54

SHA-1:
870d0298879f9dae5c4dae0a0f23834b623fbfdf

SHA-256:
28131bd199b987ba50cff6c66e33c5ede193ad1f1d8336e610068fe8c0cc8482

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
10/23/2017 7:47:36 AM UTC

Scan engine          Detection                 Engine version
Avira AntiVirus      TR/Patched.Gen            7.11.30.172
Antiy Labs AVL       Trojan/Win32.TSGeneric    1.0.0.1
Bkav FE              HW32.Stranact             1.3.0.4246
Qihoo 360 Security   Malware.QVM19.Gen         1.0.0.1015
Reason Heuristics    PUP.chenjunhao            15.3.21.9

File size:
5.5 MB (5,723,464 bytes)

Product version:
3.6.0.0

Copyright:
Copyright (C) 2008 - 2015

Original file name:
FormatFactory.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\freetime\formatfactory\formatfactory.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/25/2013 12:09:13 PM

Valid to:
6/25/2016 12:09:13 PM

Subject:
CN=chen jun hao, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata
Compilation timestamp:
3/11/2015 6:39:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:AyJSS35BzN0poSjMMiOgs/BScNTigMMMMMMMMLMMMMMMMMMMmxghAxMfndojGko1:AwSS3w6KBniHcAxB+e+

Entry address:
0x1BD8C7

Entry point:
E8, 85, 0D, 00, 00, E9, 49, FE, FF, FF, 3B, 0D, 00, D3, 65, 00, 75, 02, F3, C3, E9, 3D, 00, 00, 00, 55, 8B, EC, FF, 15, 2C, 39, 5E, 00, 6A, 01, A3, 9C, 7F, 68, 00, E8, 6B, 0E, 00, 00, FF, 75, 08, E8, 69, 0E, 00, 00, 83, 3D, 9C, 7F, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 51, 0E, 00, 00, 59, 68, 09, 04, 00, C0, E8, 52, 0E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 81, 0E, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 7D, 68, 00, 89, 0D, 7C, 7D, 68, 00, 89, 15, 78, 7D, 68, 00...

Entropy:
7.1133

Code size:
1.9 MB (1,969,152 bytes)

The file FormatFactory.exe has been discovered within the following program.

Format Factory  by Free Time
About 8% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mine.monitormaildepot.net  (67.229.68.206:80)

TCP (HTTP):
Connects to interest.monitormaildepot.net  (67.229.68.202:80)

TCP:
Connects to static.vnpt.vn  (113.171.224.19:16884)

TCP:
Connects to n219079159001.netvigator.com  (219.79.159.1:53945)

TCP:
Connects to host-41.234.212.76.tedata.net  (41.234.212.76:53716)

TCP:
Connects to host-190-131-89-156.ecutel.net.ec  (190.131.89.156:53793)

TCP:
Connects to host.62.114.130.144.nile-online.net  (62.114.130.144:6881)

TCP:
Connects to hn.kd.ny.adsl  (182.121.47.22:6881)

TCP:
Connects to c9509016.virtua.com.br  (201.80.144.22:6881)

TCP:
Connects to badfdcad.virtua.com.br  (186.223.220.173:6881)

TCP:
Connects to b39b8c78.virtua.com.br  (179.155.140.120:6881)

TCP:
Connects to b1b62847.virtua.com.br  (177.182.40.71:6881)

TCP:
Connects to abts-north-dynamic-108.226.163.122.airtelbroadband.in  (122.163.226.108:6881)

TCP:
Connects to 90-151-121-103.pppoe-adsl.isurgut.ru  (90.151.121.103:6881)

TCP:
Connects to 219.64.177.88.del.dialup.vsnl.net.in  (219.64.177.88:6881)

TCP:
Connects to 191-23-111-227.user.vivozap.com.br  (191.23.111.227:6881)

TCP:
Connects to 187-62-192-17.blr.voxconexao.com.br  (187.62.192.17:6881)

TCP:
Connects to 187.59.98.125.static.host.gvt.net.br  (187.59.98.125:6881)

TCP:
Connects to 186-190-19-194.accesshaiti.net  (186.190.19.194:6881)

TCP:
Connects to 182.subnet125-163-100.speedy.telkom.net.id  (125.163.100.182:6881)

Remove FormatFactory.exe - Powered by Reason Core Security