» fTalkSetup-r20-n-bc.exe
Overview
Analysis
File Details
Downloads (9)

fTalkSetup-r20-n-bc.exe

fTalk

Koyote-Lab Inc.

The application fTalkSetup-r20-n-bc.exe by Koyote-Lab has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.cdn.ftalk.com and multiple other hosts.

File name:

Publisher:

Koyote-Lab Inc. (signed and verified)

Product:

fTalk

Description:

fTalk Install

Version:

4.0.0.4326

MD5:

8c3ac754b767f4557b2a33bcd56c760e

SHA-1:

805c6a29f9303246edb5f589fcc597f425b1f15e

SHA-256:

2093483d9887a6995525f4dbaeb3cca85755a555c26f65fc9a8b0c5d55fe879b

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

6/1/2026 11:02:59 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Bkav FE

W32.Cloddfb.Trojan

1.3.0.4562

Boost by Reason

Adware.Installer.KoyoteLab.T

2013.8.29.5

Dr.Web

Adware.Downware.942

9.0.1.0241

Malwarebytes

PUP.Optional.Bandoo.A

v2013.11.27.01

Reason Heuristics

PUP.Installer.KoyoteLab.T

14.3.1.0

File size:

1.2 MB (1,293,184 bytes)

Product version:

4.0.0.4326

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ftalksetup-r20-n-bc.exe

Digital Signature

Signed by:

Koyote-Lab Inc.

Authority:

Thawte, Inc.

Valid from:

2/22/2012 4:00:00 PM

Valid to:

2/21/2014 3:59:59 PM

Subject:

CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata

Compilation timestamp:

5/30/2013 1:09:15 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:cqGBsEDav7+NWfcRG44M8FYFxwjTnDxe6At:Khav7+PRr8OFUTn9e6At

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00... 
[+]

Entropy:

7.8697

Packer / compiler:

Nullsoft install system v2.x

Code size:

29.5 KB (30,208 bytes)

The file fTalkSetup-r20-n-bc.exe has been seen being distributed by the following 9 URLs.

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r244-w-bc.exe

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r135-n-bf.exe

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r192-n-bc.exe

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r237-n-bc.exe

http://download.ftalk.com/fTalkSetup.exe

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r135-n-bc.exe

http://download.ftalk.com/.../fTalkV3.exe

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r255-w-bc.exe

http://download.cdn.ftalk.com/cdn/r/.../fTalkSetup-r20-n-bc.exe

Remove fTalkSetup-r20-n-bc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.