fvdsuite_installer.exe

Kuzma Safonov

The application fvdsuite_installer.exe by Kuzma Safonov has been detected as a potentially unwanted program by 7 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Kuzma Safonov  (signed and verified)

MD5:
49dc3315b8bbf3f767720847e11882fc

SHA-1:
eae51f04a84e959e5937eee6f63d8f349a98279b

SHA-256:
1eaff03d26601d37d809e1193c4f1ee7b237d76b5a684a2378fb3c09056b8646

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 2:47:37 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | | 7.11.102.144 |
| Dr.Web | Adware.InstallCore.53 | 9.0.1.083 |
| ESET NOD32 | Win32/InstallCore.AY (variant) | 9.8801 |
| F-Prot | W32/InstallCore.P.gen | v6.4.7.1.166 |
| Reason Heuristics | PUP.Installer.KuzmaSafonov | 15.3.24.13 |
| Trend Micro House Call | TROJ_GEN.RCBH1B5 | 7.2.83 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.24.2 |

File size:
1.3 MB (1,314,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\fvdsuite_installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/14/2012 6:00:00 PM

Valid to:
2/14/2013 5:59:59 PM

Subject:
CN=Kuzma Safonov, O=Kuzma Safonov, C=UZ

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D5508D7420AEF0F616CAA5346E80B7E0

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5BTipS/pi8Y8fatf0Bz2qlrEURUE5eOTKGGwK4m5/rSm67wXyZMMlHEYWqPen6gt:5cpS/pi8Tfa10BiqlIURUE5eOTKG1K4e

Entry address:
0xCA950

Entry point:
55, 8B, EC, 83, C4, F0, B8, 80, 8A, 41, 00, E8, 08, EC, FF, FF, EC, CB, 07, 00, 00, CC, 07, 00, 18, CC, 07, 00, 2C, CC, 07, 00, 3A, CC, 07, 00, 4C, CC, 07, 00, 5A, CC, 07, 00, 70, CC, 07, 00, 7C, CC, 07, 00, 92, CC, 07, 00, A6, CC, 07, 00, B0, CC, 07, 00, B8, CC, 07, 00, C8, CC, 07, 00, D4, CC, 07, 00, E8, CC, 07, 00, F8, CC, 07, 00, 08, CD, 07, 00, 18, CD, 07, 00, 26, CD, 07, 00, 34, CD, 07, 00, 46, CD, 07, 00, 52, CD, 07, 00, 60, CD, 07, 00, 6C, CD, 07, 00, 78, CD, 07, 00, 86, CD, 07, 00, 9A, CD, 07, 00...
 

Entropy:
7.2049

Developed / compiled with:
Microsoft Visual C++

Code size:
828 KB (847,872 bytes)
