home

fscapturesetup79.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.faststonesoft.net.
MD5:
075c04eda09370444a12a7e43b3ffb6b

SHA-1:
803ce0a4bc72a3800cf777c235ae470fe9f516c2

SHA-256:
2963a3af736d9fc1c71328af07b33a45eeded84f4d0e9d6ec03f72402d4d2f9b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:30:22 PM UTC  (today)

File size:
3 MB (3,097,983 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\fscapturesetup79.exe

File PE Metadata
Compilation timestamp:
6/7/2009 12:41:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:KDRaeTkSFKtEMM2DG/iRL01ZMPO5n5y/tCeAmDIrHrv6UTC00WCkh4y5XeZgWLZB:qAyK5/+9vh5y/tCehsrHrb0Wr4y5uZBr

Entry address:
0x30FA

Entry point:
8D, 15, 44, 35, A8, 29, 45, 0F, B7, FB, 68, CD, 5A, 5C, 00, C6, C3, 27, 3A, F9, 89, CD, 69, ED, B5, BD, FA, 32, 0F, B7, C1, FF, C9, 80, D1, F7, 85, D1, 68, 2D, E8, 63, 00, 8A, D7, 69, EB, C2, 5B, C4, 06, 2B, DA, E8, 21, 00, 00, 00, 70, 0A, 8D, 3D, B3, 12, 1E, 6C, 11, F8, 34, AA, 13, FD, B0, 0F, F2, 85, FE, 8D, 32, 3D, 17, 5A, 00, 00, 70, 05, B9, 34, 4F, CF, 54, EB, 0A, 32, D3, 81, CD, EF, C6, FF, DD, 14, 4F, 4A, 3C, A6, 8D, 0D, C3, 94, E3, 28, 0A, EE, 81, C3, A6, 31, 01, 00, 81, D6, C2, 7F, 07, F8, 81, EB...
 
[+]

Entropy:
7.9979  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file fscapturesetup79.exe has been seen being distributed by the following URL.

http://www.faststonesoft.net/.../FSCaptureSetup79.exe

Scan fscapturesetup79.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.