» fssetup208.exe
Overview
Analysis
File Details
Downloads (17)

fssetup208.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

File name:

fssetup208.exe

MD5:

acea2bdc853ad345aa1e0d2e7e176e3c

SHA-1:

f86ea5100a4ab2863c70a613e612eb41c33a09fc

SHA-256:

fbc3fc417fb550a74092d5ad17da5835349a01c5b77ec34b1c67752e62c003c1

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 1:16:21 AM UTC (today)

File size:

1.3 MB (1,340,583 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\fssetup208.exe

File PE Metadata

Compilation timestamp:

9/26/2011 3:21:38 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:uW8j251ky6S8i3cOQWps74epXXSsHJLcgnim8m2+bV+Yn+DtbUwhiFvVRaqZiI:b0OgWFe7rpXXS8JniFm2Co+2bUkiFOq

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

The file fssetup208.exe has been seen being distributed by the following 17 URLs.

http://dw.uptodown.com/dwn/dDlaKHwON89rRyACIgAo3o0UvFSWgGjebjtTnEtxk0U4IFPQEVmSQ7xxySTgX6XpFMjixJSXQ7X_oGfUuVC4fuIjTSkJac5VXQKN1zVUgL0tW2AcRVemh1T7fZcOn2ii/afuwTLf6v3Ig8IlaiX40koHcPhbAhtmVbc-emNDZWNgtpVRer9nzlkgwjfStWQoN4YOFYiXTwCnjyCML5fr6uXqX-T1YN_CmqL81EAczM2q4mQZRL65sjTXKT2eiqUw5/.../

https://dw.uptodown.com/dwn/YeyW7snSdX6CBRRKDenlwWcoQY1snWoFf_9cGbLzUKB53EYIOM6mj2o-lLuWcdiNI5v8mQrmRK7CyvbwcRmkpQXBttnw3qXhms3TgcEZAhqVSFoLf87Z5pDvV3ZYjKOL/AVENf98A-U4gTH9JVN0tNILK0CzHsKekfyCUKiAI3QgmQ2igE-EdAxmth-87cD_4dtiGpgki2nfs2ClXgYxHZz6qcY6XcgJKNJNqhJ8PGaEBoVctTTFlqGgjdukE1nMH/rS0nqghjQdD0CL_nANiNBVI3eUDYz0kCurlrWW2Qp0UnEqrYaafNw1O4E7DbBFyDcVooBnPeggctcli6UK65pPQweI2EOfetaWCVMJaflFycLVGHeyF4QeRf5u6aO8nh/.../

http://dw.uptodown.com/dwn/h2A2N9cYDb-r7w8mXozRBxRHJJg9S9F1B04NaxyN-JrNDhQz__SQszGIT6ALneJMeqIFoEeIlEOt3RFX6eXYEwKO1WwSPArzmDg-YciUx33-DRAltL8Leb0EclOAG72_/P6fyC6OjhVStuGuXmHpVrb6sUH4z5mBOUrSNBunHLL6oAtJZBYi5aRu1FmKAaimvC0usmetihwAwO3c_RTiKksnrw3jZzW0dSy6OoxEZD-RW1TKs7cVYg5sweo9tm6k8/.../

http://dw6.uptodown.com/dwn/ALCWIFpQeRpf7aJ8E8o_qfjp0ed9jPKOzHmcKEm-Q8DaXsmTY5NERmGvjm--ruNr3CFcXwVD90XGIgDZ6I8YrkhsgSVuFVMDwz2qGZZ2rF2saU8hbMWLGzMU9bGg7j9k/_JL9x6Xz-thRiwbbxJf-79Ip7VOqDMWeK3E0uLO1N3njYMCR7zQCTZ9k3EgoAhYt0d-h6ZbHSm3-Bcl4NAHJvK3EJk1Ur_AxDCIi3R4Ja0Kn7SmI04XkiSXgwGLM1IP1/61W7DlizSjx3cZL9bg0tOc2zcxDQTwfDg47_AGIdo5X2Nb9cOvR4Y1ft4LDSjhAqxsHwRuezNiGAb6AkS1psHmJb0STXMxmWKnDMDMDsTEburjvVTv2ucvDa1CFDN-mt/.../fotosizer-2-08-0-545-en-win.exe

http://dw.uptodown.com/dl/1443040042/.../fotosizer-2-08-0-545-en-win.exe

https://dw.uptodown.com/dwn/wFE7ZZPl_F9PbTVr5jNAVIdcuOUo7cFF8zgCI4o421xuU1UIc1oS8AOGNY3Yy4gcFa7VSWNMweLkJFN-eM-cauq1QCzpCqB_HapR6VD4aDQambPg0Mn8SPuDE0-LMO8B/WfogYH5xn-7Gez9-Yzl0Ea_SExnsefJP2szU2jcfS5jyZW3RcoV9EmKAxbw20dfF4XZDHxbhbNFoMNYFERwMmO7fxZ1lYceH7FWZn7-ovqAM8f6g2X3ObhoncobmDkDA/v-cd_GJFNFq8P6OSFLZ-PO-yDzNn1jDJDeD7E4wL4ZWA6GNrm61oD8Ft29M8fCjgQFUnXrFAQ1hMk8QbmnyB09b3dqmA6KVgrf-NKd6AM7UTSANMaC0DEfuZrMSgXozM/.../

http://dw.uptodown.com/dwn/p31i-N4FjVMeBqJSCpnEoxfJsz92xScSzMwrBNJUhgWOMFlrX4iB94_wX6bDCn-8Iu8XTwUhzO_HotyDD8v5OdFsKFHXPd2j5ScwmO3x4pmQxuaxOdGZao_PRJvH0le9/z2rirzr7xHCK5kmoheGLtzTdwEbx7oNjXLt8tFHB9_EKaNsLJvmdjDmTWbaeoUbKc-RuKysJret2rJAFQGkUM0CUGSMfp59Q1PiGhqQYLHizkcVcDywqUS4VI5-lSOla/yf9dmRzEXiOT1iRxgcIC4GMNAx3CWK885ck3_vavWH1lo-LBtsmfAV_N2ASj-N1cwZMTYLnV00Url1X61nYNa6UseYOp-z-vTHMAVET3CqyVvpxc8qVnFZmciTU0eZi4/.../

http://dl.cdn.chip.de/downloads/.../fsSetup208.exe

http://dw.br.uptodown.com/dl/1446038170/.../fotosizer-2-08-0-545-en-win.exe

http://dw.uptodown.com/dwn/fkUb43i3WwKsXGnpaO3sRRRLRlpOVgnOTRZpuTysTA6f0UB0hJGQflrTL_2sgSlgW4DZ_FHunrnRIINjT2SriWpFJ51zkyBuKHRGQCVsTjdQvLmOXaUQaTV87R7RMPfe/.../

http://dw.br.uptodown.com/dl/1444122921/.../fotosizer-2-08-0-545-en-win.exe

http://www.zdnet.be/.../fotosizer

http://r2.computerbild.de/exec/r2r.pl?m=w-cobi;u=http://d.computerbild.de/downloads/.../fsSetup208.exe

http://www.fotosizer.com/DownloadHandler.ashx

http://www.fotosizer.com/Downloader.ashx

http://r2.computerbild.de/exec/r2r.pl?m=w-cobi;u=http://d.computerbild.de/downloads/1031094/fsSetup208.exe?__cbodl__=1387981088_f93334234622aac89468f5722a0f4624&_chksum_=acea2bdc853ad345aa1e0d2e7e176e3c;ct=1;thc=1;b=1031094;c=1453102;tit=Fotosizer 2.8.0.545;url=http://www.computerbild.de/.../Fotosizer-1453102.html;sep=|;tce=|;tid=36930;tn=Bildgr??e ?ndern;tp=95|361;tc=95|361|36930;tpn=Software Kategorie|Grafik & Foto;cs=1

Scan fssetup208.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.