home

ftalkv4.exe

fTalk

Koyote-Lab Inc.

The application ftalkv4.exe by Koyote-Lab has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.cdn.ftalk.com.
Publisher:
Koyote-Lab Inc  (signed by Koyote-Lab Inc.)

Product:
fTalk

Description:
fTalk Install

Version:
4.0.0.0

MD5:
8ad5051e52dd3bd7e114af22bf59bacd

SHA-1:
7fcb46fbce7a6b6ea6c84b7d145c185aaa3336ca

SHA-256:
079fae78b868e24e48826eda42da22c682502d858d221f77c4d6dc017eae1e7b

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 5:50:48 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Searcher.2497
9.0.1.0153

Emsisoft Anti-Malware
Riskware.Win32.Toolbar.SearchSuite.AMN
8.14.06.02.03

ESET NOD32
Win32/Toolbar.SearchSuite
8.8606

MicroWorld eScan
Win32/Toolbar.SearchSuite
15.0.0.459

Reason Heuristics
PUP.Installer.KoyoteLab.H
14.6.2.15

Sophos
Generic PUA FJ
4.98

Trend Micro House Call
TROJ_GEN.F47V0322
7.2.153

File size:
971.3 KB (994,656 bytes)

Product version:
4.0.0.4087

Copyright:
Copyright (c) 2011

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ftalkv4.exe

Digital Signature
Signed by:
Koyote-Lab Inc.

Authority:
Thawte, Inc.

Valid from:
2/22/2012 6:00:00 PM

Valid to:
2/21/2014 5:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
4/10/2010 7:19:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:l0ab86KDRVuKAB4kvqD+yVczbD/grzzJuKAB4kvqD+y0pDqx:l66KdVuxXi3DJuxXi8o

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.8251

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file ftalkv4.exe has been seen being distributed by the following URL.

http://download.cdn.ftalk.com/cdn/o/1/r/.../fTalkV4.exe

Remove ftalkv4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.