home

Funshion.exe

Funshion

Beijing Funshion Online Technologies Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Funshion’.
Publisher:
Funshion Online Technologies Ltd.  (signed by Beijing Funshion Online Technologies Ltd.)

Product:
Funshion

Version:
2.4.5.27

MD5:
69ed00d5d48c71065da6db8bd72101c1

SHA-1:
24c07f478628bf2c954c3e1967b75ecfbcfaa0a6

SHA-256:
2fd7cb13e85645c3bf0e7eddd7c2d5d618520a437ea96a14ab751052bc10ee3b

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 5:18:02 AM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Funshion
v2016.01.27.11

Trend Micro House Call
TROJ_GEN.F47V0510
7.2.27

Vba32 AntiVirus
Worm.WhiteIce
3.12.24.3

File size:
2.4 MB (2,527,984 bytes)

Product version:
2.4.5.27

Copyright:
Copyright 2005-2011 Funshion Online Tech. Ltd.

Original file name:
Funshion.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\funshion online\funshion\funshion.exe

Digital Signature
Signed by:
Beijing Funshion Online Technologies Ltd.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/13/2010 5:00:00 PM

Valid to:
8/2/2012 4:59:59 PM

Subject:
CN=Beijing Funshion Online Technologies Ltd., OU=SECURE APPLICATION DEVELOPMENT, O=Beijing Funshion Online Technologies Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
6C54C3BD23B7B994982B2DA0FA1E29F7

File PE Metadata
Compilation timestamp:
11/29/2011 2:59:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:yzx8dMGYrYalwQisnP/pI9UQRt3DqfGtKlGwo9apZzJFhG:y1ERYrYDQiIp8bDqfGwoMhFhG

Entry address:
0xBEBAF

Entry point:
E8, F6, 65, 01, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, 06, 7E, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, F7, 95, FF, FF, 83, C4, 14, 83, C8, FF, E9, A1, 00, 00, 00, 8B, 45, 0C, 3B, C3, 56, 8B, 75, 08, 74, 21, 3B, F3, 75, 1D, E8, D7, 7D, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, C8, 95, FF, FF, 83, C4, 14, 83, C8, FF, EB, 74, 3D, FF, FF, FF, 3F, C7, 45, EC, 42, 00, 00, 00, 89, 75, E8, 89, 75, E0, 76, 09, C7, 45, E4, FF, FF, FF, 7F, EB...
 
[+]

Code size:
1.8 MB (1,875,968 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Funshion

Command:
C:\Program Files\funshion online\funshion\funshion.exe startbywindows tray


Scan Funshion.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.