FormatFactory.exe

FormatFactory

chen jun hao

The application FormatFactory.exe by chen jun hao has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Format Factory by Free Time. While running, it connects to the Internet address mine.monitormaildepot.net on port 80 using the HTTP protocol.
Publisher:
Free Time  (signed by chen jun hao)

Product:
FormatFactory

Version:
3.8.0.0

MD5:
24be11e31294c09c99f0f6cbfbbf736d

SHA-1:
e7cbdb19cb66c37b6f15b1a7863eedac311c059c

SHA-256:
190c06062e99e66688d316eabdc1d4987e5b32c006620292b648d8244dfebf5d

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
10/22/2017 9:36:20 AM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Patched.Gen
7.11.30.172

Antiy Labs AVL
Trojan/Win32.TSGeneric
1.0.0.1

Bkav FE
HW32.Stranact
1.3.0.4246

Qihoo 360 Security
Malware.QVM19.Gen
1.0.0.1015

Reason Heuristics
PUP.chenjunhao (M)
15.10.22.12

File size:
5.9 MB (6,225,736 bytes)

Product version:
3.8.0.0

Copyright:
Copyright (C) 2008 - 2015

Original file name:
FormatFactory.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/25/2013 5:09:13 PM

Valid to:
6/25/2016 5:09:13 PM

Subject:
CN=chen jun hao, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata
Compilation timestamp:
10/17/2015 2:22:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:vWpfhdd/kTTiDjfNHO5wuKjZnjZVlvQWaoJdrEgMMMMMMMMLMMMMMMMMMMmxghAO:vwfh675cTcoAHcAxsbeS

Entry address:
0x1C057F

Entry point:
E8, 8D, 0D, 00, 00, E9, 49, FE, FF, FF, 3B, 0D, 00, 43, 66, 00, 75, 02, F3, C3, E9, 3D, 00, 00, 00, 55, 8B, EC, FF, 15, 78, 6A, 5E, 00, 6A, 01, A3, 2C, F1, 68, 00, E8, 73, 0E, 00, 00, FF, 75, 08, E8, 71, 0E, 00, 00, 83, 3D, 2C, F1, 68, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 59, 0E, 00, 00, 59, 68, 09, 04, 00, C0, E8, 5A, 0E, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 89, 0E, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 10, EF, 68, 00, 89, 0D, 0C, EF, 68, 00, 89, 15, 08, EF, 68, 00...

Entropy:
7.1825

Code size:
1.9 MB (1,981,952 bytes)

The file FormatFactory.exe has been discovered within the following program.

Format Factory  by Free Time
About 8% of users remove it

The executing file has been seen to make the following network communications in live environments.


Remove FormatFactory.exe - Powered by Reason Core Security