home

openfm_setup.exe

OpenFM

GG Network S.A.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from im-updates.gg.pl and multiple other hosts.
Publisher:
GG Network S.A.  (signed and verified)

Product:
OpenFM

Description:
OpenFM - instalator

Version:
3.0.4.188

MD5:
821babd488b433c3eea54254663ed2b3

SHA-1:
4c936997b554a46f94bb64e2e23876db7cf92215

SHA-256:
a503a646fe5f36cf280a67311d4b5e4dad875b83151d1c8372b9d5d451494c98

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/25/2024 8:41:03 PM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
TrojWare.Win32.Injector.AHSP
19401

File size:
19.2 MB (20,128,936 bytes)

Product version:
3.0.4.188

Copyright:
© GG Network S.A. 2014

Trademarks:
© GG Network S.A. 2014

Original file name:
openfm_setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\openfm_setup.exe

Digital Signature
Signed by:
GG Network S.A.

Authority:
Thawte, Inc.

Valid from:
3/3/2014 1:00:00 AM

Valid to:
3/7/2016 12:59:59 AM

Subject:
CN=GG Network S.A., O=GG Network S.A., L=Warsaw, S=Warsaw, C=PL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5BF241ADE6D4C1C6C7D8593A5A33A79A

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:jY1lMxAl5Yb8IgzNGNXpUgoY+4w3V4K2EJIJfNrTH03pEIJaMVNZ3Z:jYDd5YbVg5GeY+b/wTHs0Mz

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file openfm_setup.exe has been seen being distributed by the following 19 URLs.

http://im-updates.gg.pl/elwood/app/release/3.0.4.188/standard/WINNT_x86-msvc/.../openfm_setup.exe

http://files-download.poradnikdogry.pl/InternetISieci/RadioInternetowe/.../openfm_setup.exe

http://www.bytesendclear.com/6LU_Wshlfp ybOHgui nTFdQRYD9BkbLwe_Cgq_dj0Y ZD4DY7gsQx06 AZGhXMBRKy2aOJ4FubKEKntRAGIxDKuy6mA 2YEm10jRWPlEtkCjbucMRtpL4M9oeNgMJebbvypxmZ5qaDB GWLAoE24zoO8eC4nZBFvPusFBm0LHt5sZNTFDyqsi51Na 5JNbXdnHZvHp2rhU2B2xmPgMSnPghUVuE7Iqk6HQ9LTNlHe8qW3QuOYVNYhFXzrL5DKGjeoLx_hE5Xb8HXdoNXmIpwsKyqq2oPPvSA8_6lhBRMYnrhar q16AaXKtpdYhf8ZDSzHTJMRGXikHXk6acLU6D2 icZOekBVk_XZLi IMBm9ENsZi4Y3qn4E3Zz O1ZpCdWdvHfAeY3siMVl_4aBrs2TfMUnH6Ok8DV5S2Vl7RbzM 3 9 EKxIUwbhI6TFJSayw RYXCFDCg8_46S4VwVhjXL7EJbcS2NEDAd2PfBNjLjZgrVJNpXhwI1KuF5bSK5PHpPr6JgvdkL2ruLKqCQWBsD6Yr6qRdeGBuLkgUZ6FsfVys3E7BnZ2Glq4DAF6b418 TpCo Wf90pvTVW_whc8Di_jKGRI6MpMDuZ6rfnK8fK3DPU_4=-G10AAGR1Tqq1xo3o8UAADjlw NJA4RAABBM5kaAtOT1rTFGJ7hi29cirpR rtT1 2CZ8D0yR9HXZY8yrfuW2vjW6rV6oQbs2c3rW171B_dU=-E

http://www.bytesendclear.com/7g5WCTYE1Ka xqXDqGBP5DyYpfZZTt9Zly9Kwf5ZyoOUHpbo2IO3KHunCMGyiRpyNv4WGT0QFJJCXbZj6vOfTkV9TsXb47Xeze7h8d_W 1L3VB0ld6L4fIVwaMP9PyNtGhemYce__xTgdnty1otAff61LKX0sX2FyaPe_VKUmlO1DWpIaOiWC51_9bwUoH3lN_3Y7rVZtEAdpsSaXPW4fONRghc_4nb4_UzSpKyaeBJGI0jxI2Tb1LKB_f1zmzlftjL zW1JjJeQqm Erem rSCfmueBMyeLCTb0OHiPYo zQdizL9TynldOpCxgC2lHFbPYtTHdTOjm2LR_4fsahPSlcQyVYpwIOb7deBM6d_t8VznoRnKozY7KzuclHWqP8zumg1sTaNIGiPh49HVN6aMyHX5zCoi2XHIXmRmUFhaQ5Xn4_i3TbqDg9_Gjcr7 paMYHiahBst8ZBFFJQqeL7XQdhxfMnFKdxt9QxeOQ7IWbs4jT5nF8KNblENY iJdalmHNcsLfZlfyGSQJisc9_AYS3qVcjLswMZkakJfH6ZOaGQdYOUvMYCUPsW_k16q5RQBR_Jqy06mbBIsJE3ONhz BlhxhQ==-G10AAGR1Tqq1xo3o8UAADjlw NJA4RAABBM5kaAtOT1rTFGJ7hi29cirpR rtT1 2CZ8D0yR9HXZY8yrfuW2vjW6rV6oQbs2c3rW171B_dU=

http://www.bytesendclear.com/jpDOYmqoaJzrE_sg3pRqBoIROMBBJ4vetGphrFgHAIbfH8qXaGSMtKuDK_MuBnKcnS0qt4nyeaqYUOCpQoIDQSjn4tzdP3bE85Ez uwFEhTXSEIZaYecp5ZN2CnuxPKPK6kycbno7LgvwspKVDMmnSXKItXSk VVcDph9tMrGE4bWHPK1zP53vtSdMqKuHTiYE4k5zQ5Tsu2U4yvAZIJwopVwn4B6L0rUt39unDBLqx8ByRFQT4_rsuSERujv1tbrA u_h4 QuKDVV_ukwJqSCHq3IIjEhYky2 tySFOHoSs9pF8X7YjLfNA6650tDGu3FXu6uo48ZE7IEDRXLqCfKfy1y9J23hrWq_uew1GVLbMqGMEgk2G822QRlUIwmWJGD0IStL_kxuc0qOHUHp09pzbebycBTZmCVeq71WO_fo0SueJNjB1sU3LzTNTVx5DqOYicrvQ3N7pdLKJw43fnLij_1kNA0CexjHbFpfe7TS_U3P55GWiPtv5VPZAlvzXnAnBLQKcnPjHHdrIJT52P_MLdpYNosBQ_CVFpppMnlTiQk3YFs3O96K4oz9roXux_KC_88fuBk9JA2ydnDrP1rmX3GRjVUhjuyEFiQschLN9DIMSrOU=-G10AAGR1Tqq1xo3o8UAADjlw NJA4RAABBM5kaAtOT1rTFGJ7hi29cirpR rtT1 2CZ8D0yR9HXZY8yrfuW2vjW6rV6oQbs2c3rW171B_dU=-E

http://pobierz.pl/wp-content/uploads/2016/.../openfm_setup.exe

http://www.bytesendclear.com/WVl6OTRQWFpqTkU1dFlrZ3pNSEkwUTBoMk9GTmpiVlJoTmxwSWFXOXdZbVZ3UzFwRGVYUnpRM2RDT0RkRFZXc2xNMFFtWXoxdWJtZzVXVFZTYTJKNmQyOVFaSHBFUW5adlluVTFkRTFDTjFsSVZtbDNTMU5UVFRoT1dFVm1NblZEU0U1cFRHbDRNM0ZSVTNZeWJEaGlhV3R5ZVZSWmNuRldSbXBZZFVwS1Z6TjZUMlZUVUVWWE4wYzVVRmh6VVZOS1VHMTRXWE5NZWxRemVVWlpTR1o2Y0VOV2N6bHRaazRsTWtaVFkwdHVla2hGZVZvMFJGTlhRbmR3VTFGeFZXSlJTRWRqVDFsSlZIVnZUMmRtZHlVelJDVXpSQ1psUFRFbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0yRWxNbVlsTW1abWFXeGxjeTFrYjNkdWJHOWhaQzV3YjNKaFpHNXBhMlJ2WjNKNUxuQnNKVEptU1c1MFpYSnVaWFJKVTJsbFkya2xNbVpTWVdScGIwbHVkR1Z5Ym1WMGIzZGxKVEptVDNCbGJrWk5KVEptYjNCbGJtWnRYM05sZEhWd0xtVjRaU1prYjNkdWJHOWhaRUZ6UFU5d1pXNHJSazByTXk0d0xqUXVNVGc0TG1WNFpRPT0=

http://www.bytesendclear.com/WVl6OTRQVFJZVUhOak1uTXdaMDVJVGpCbVEyVjZaSEp3Yms1U05WSnBWbmxuYkZoUWFDVXlRbFZVV1ZWd1JTVXlRbGxWSlRORUptVTlNU1pqUFdWRU5sSXlTMmx6VEhWeVdYVkVhVzQxYURaakpUSkdha3QwUkV3Mk1uSTBjVTQzTkVGWGJUVllRVzF4ZFhocmJIRm9Ra1JyUjJWTWNEZDFOMjlCVkRWV1Vtb2xNa1puU0doV2FITXdRMnBYYkZodVNtRkdRU1V5UWxaVWEwMWxUVUZxYm1ZbE1rSlNielJqUTJkNVNtWlRVVWxQSlRKQ04wNTVWM1pDY1hoSFJWTjNjVGhCYzBKcU1tMGxNa0o1ZVVWUWRuZHlNbTFuTTA0MGFrTnlla2t4UVNVelJDVXpSQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6WVNVeVppVXlabVpwYkdWekxXUnZkMjVzYjJGa0xuQnZjbUZrYm1sclpHOW5jbmt1Y0d3bE1tWkpiblJsY201bGRFbFRhV1ZqYVNVeVpsSmhaR2x2U1c1MFpYSnVaWFJ2ZDJVbE1tWlBjR1Z1UmswbE1tWnZjR1Z1Wm0xZmMyVjBkWEF1WlhobEptUnZkMjVzYjJGa1FYTTlUM0JsYml0R1RTc3pMakF1TkM0eE9EZ3VaWGhs

http://www.bytesendclear.com/WVl6OTRQWEJsWmprMVRYVkpXRmwwSlRKQ1RIaFJiVU5uWjI1bWFtZGFjU1V5Um10UWRrbExaVTlqT1RaVWJ6UXlNbEEwSlRORUptTTlPVGROTkd0Q00weHFVV3Q1VlVzNWVTVXlSbWd4WTBGTUpUSkdVRXBOVlRKM09EQkdTelpYUzJnMFIwTnhkemRQY1dGaWF6WXlXV3N6VFZGb2FVWlViMVp4UVZOdmFEZE9kQ1V5Um1keWIzTlZSMDV3ZGpWR1VEbGpkVTFSY0dWUFJIcDBKVEpDZVVwUFNXaEJhMnN4ZUVWdWNFRjRSbVZIUlhkbFkzUkdlbFY2VHpGcFkxZDVSelEwYkdKcWNHc2xNa1paTVZrMGVXNU9ZMVZ1VlZoMWR5VXpSQ1V6UkNabFBURW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMkVsTW1ZbE1tWm1hV3hsY3kxa2IzZHViRzloWkM1d2IzSmhaRzVwYTJSdlozSjVMbkJzSlRKbVNXNTBaWEp1WlhSSlUybGxZMmtsTW1aU1lXUnBiMGx1ZEdWeWJtVjBiM2RsSlRKbVQzQmxia1pOSlRKbWIzQmxibVp0WDNObGRIVndMbVY0WlNaa2IzZHViRzloWkVGelBVOXdaVzRyUmswck15NHdMalF1TVRnNExtVjRaUT09

http://www.bytesendclear.com/WVl6OTRQV0pzVEU1WVNXRkNXWGxCTTJZbE1rWlhRMGxHVVhkbE5VMXlkWHBKVFdwelVtWk5jamhZVFhGTE5XWkxieVV6UkNaalBXWnVaMlJ4UWt0VldqVkNjVUZLTkdsWlZYZEJkR1JWVm10U1JFRk9jVUZNVDBkVGVWUTFTbGg1Wm5ObmMyVkVVbkJhV25wd2FXZ3lVa0UyV1hCT0pUSkdOWHAwWmxOV1UyUnFjV01sTWtaT2FFUTJSSGM0YWlVeVJqTlRPREZ0VTFGdVJVNVBNWFo2TlRKNVNubFlhWEY2UXpacGFFWm9kVWgxUVhWcVVYbDNla05hU0VwbFFtZENlR3hpU0hrbE1rSXdKVEpHYWpaT2R6WjJNbTVxTm1jbE0wUWxNMFFtWlQweEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbVptbHNaWE10Wkc5M2JteHZZV1F1Y0c5eVlXUnVhV3RrYjJkeWVTNXdiQ1V5WmtsdWRHVnlibVYwU1ZOcFpXTnBKVEptVW1Ga2FXOUpiblJsY201bGRHOTNaU1V5Wms5d1pXNUdUU1V5Wm05d1pXNW1iVjl6WlhSMWNDNWxlR1VtWkc5M2JteHZZV1JCY3oxUGNHVnVLMFpOS3pNdU1DNDBMakU0T0M1bGVHVT0=

http://www.bytesendclear.com/WVl6OTRQVGhzSlRKQ01FTk9iM2xQWmtGcmRFdE5ObGN3WkRCNlVIRnVVM2wxYzNoYVdIUlpXalUwZDNwR0pUSkdUWFozSlRORUptTTlUMXBvYzJkalNUVndiaVV5UWxaS1NqVkdSVUpwVTFwNVltZ3lSRVUxZEdocVYzbGtja1ZsZDB4UGMwb3haVFZPYVc1UFZFZ3hNalpJZEZGd1RYbHJkalJMWVRBMUpUSkdjSGt6YVZrM016ZGFiVE5ZU21KTGJYQTVOblJ2YmxabFVEZDFZbTVsUkVWeGVrRklRMGRQUzI0d2NVbDVlVE16VkZSRU1FZERablE1YjNORGRDVXlRamxVYnpZeldDVXlRbFprYlNVeVFubFJUVXRzV0VOblp5VXpSQ1V6UkNabFBURW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMkVsTW1ZbE1tWm1hV3hsY3kxa2IzZHViRzloWkM1d2IzSmhaRzVwYTJSdlozSjVMbkJzSlRKbVNXNTBaWEp1WlhSSlUybGxZMmtsTW1aU1lXUnBiMGx1ZEdWeWJtVjBiM2RsSlRKbVQzQmxia1pOSlRKbWIzQmxibVp0WDNObGRIVndMbVY0WlNaa2IzZHViRzloWkVGelBVOXdaVzRyUmswck15NHdMalF1TVRnNExtVjRaUT09

temp:openfm_setup.exe

http://www.signtowntoday.com/WVl6OTRQVGRGUzJWelVVdFRhVmxqYVhoaUpUSkdSa1kwWjBJM1VrTk1aRWhKUzBacloyczVPREpKVHpWYVpsazVOQ1V6UkNaalBVcHdVbkJpZWpob1EwTXlNazVRU0d4UmNIWndlVUpSWkhNd1JGbDFORlJPVURORWNsTTRZVlJXZDFvd1ptdFNhMGxNZFVoUGEzaEhZeko2WVRoQlNDVXlRa1ZqYVZsaGVVVm9RV0l4TlUxeFVuTm1OMHRTSlRKQ05FMXJTVTVHSlRKQ09FSTFkVGd5V0RCbmEyeFZWVWtsTWtadlUwY3lja0p0V0cxUGF6WkhSVzlXVDNONlJ6RlRSSG9sTWtKWGQxcHpkM0JNUkVKbVEzZHFlSGgwY1djbE0wUWxNMFFtWlQweEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbVptbHNaWE10Wkc5M2JteHZZV1F1Y0c5eVlXUnVhV3RrYjJkeWVTNXdiQ1V5WmtsdWRHVnlibVYwU1ZOcFpXTnBKVEptVW1Ga2FXOUpiblJsY201bGRHOTNaU1V5Wms5d1pXNUdUU1V5Wm05d1pXNW1iVjl6WlhSMWNDNWxlR1VtWkc5M2JteHZZV1JCY3oxUGNHVnVLMFpOS3pNdU1DNDBMakU0T0M1bGVHVT0=

http://static.im-updates.gg.pl:8088/elwood/app/release/3.0.4.188/standard/WINNT_x86-msvc/.../openfm_setup.exe

http://softonet.pl/wyslij48940-1.html

http://www.programosy.pl/.../pobierz,openfm,2.html

http://updates.open.fm/files/projectName,elwood/version,3.0.4.188/channel,release/distribution,standard/platform,WINNT_x86-msvc/.../openfm_setup.exe

http://updates.open.fm/files/projectName,elwood/version,latest/channel,release/distribution,standard/platform,WINNT_x86-msvc/.../openfm_setup.exe

http://updates.open.fm/files/elwood/.../windows

Scan openfm_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.