home

fsviewersetup42.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.ex.ua and multiple other hosts.
MD5:
23d8594efa71b89967932a8c86d30c4e

SHA-1:
96197405d121e4499ff29cc7afd4811602d29dcf

SHA-256:
9923b1be841b0c12961500d9bee09e7a1dbe217fe8ab514a5f1514a78cb919b6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 10:11:51 AM UTC  (today)

File size:
4.5 MB (4,769,574 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
6/7/2009 12:41:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:COW0xVXmovqL+HsP+7d4jceP5DJbmRGlEN+X+0JrW5plRxpvK:COW0+V4s6dGxaRGly9plFi

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9990

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file fsviewersetup42.exe has been discovered within the following program.

FastStone Image Viewer 4.6  by FastStone Soft
FastStone Image Viewer is an image viewer and organizer for Microsoft Windows, provided free of charge for personal and educational use.
www.faststone.org
10% remove it
 
Powered by Should I Remove It?

The file fsviewersetup42.exe has been seen being distributed by the following 2 URLs.

http://www.ex.ua/.../5174902

http://www.faststonesoft.net/.../FSViewerSetup42.exe

Scan fsviewersetup42.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.