home

setup.exe

Fotor

Chengdu Everimaging Science and Technology Co., Ltd

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from swvgdtt-gateway.amazon.com and multiple other hosts.
Publisher:
chengdu Everimaging.Inc  (signed by Chengdu Everimaging Science and Technology Co., Ltd)

Product:
Fotor

Version:
2.0.2

MD5:
0b33d129c1ecef2510738a0d60a4d134

SHA-1:
8c94618474ddd70896344c5c300c66c9ebc10276

SHA-256:
0b7c8fefc5006e328b2c9946a3b1800e32f63a4a42c07f314daed9601a8cde8a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 3:11:22 AM UTC  (today)

File size:
58 MB (60,830,872 bytes)

Copyright:
Everimaging

Trademarks:
Fotor

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\install\setup.exe

Digital Signature
Signed by:
Chengdu Everimaging Science and Technology Co., Ltd

Authority:
VeriSign, Inc.

Valid from:
10/14/2013 4:00:00 PM

Valid to:
12/14/2014 3:59:59 PM

Subject:
CN="Chengdu Everimaging Science and Technology Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chengdu Everimaging Science and Technology Co., Ltd", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05C17C5E79410A34A075F9138192D0D2

File PE Metadata
Compilation timestamp:
6/18/2009 1:33:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:VzJnsqFHAqXlb+EJj78jPhfJcSZyDnewrm:VlJhHXZ+EZ78PAtpq

Entry address:
0x3121

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 5C, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 3F, 42, 00, E8, A2, 2C, 00, 00, A3, 64, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 24, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 50, 91, 40, 00, 68, 60, 36, 42, 00, E8, 2B, 29, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 19, 29, 00, 00...
 
[+]

Entropy:
7.9994

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following 31 URLs.

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/ac66bda8-4703-4f94-925e-78c32fcff843/Fotor_for_Windows_Downloader/.../Fotor_for_Windows_Downloader.exe

http://1.csillagpor.hu/fotor.exe

http://ftp.vector.co.jp/64/73/.../Fotor_v2.0.2_Setup.exe

http://f3.softwaretop.net/tmp/cf/soft/2014/5/ba/.../fotor_202.exe

&onid=2192&oid=3001-2192_4-75901678&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=digitalphoto/photo-editors&topicbrcrm=&pid=13743257&mfgid=10146047&merid=10146047&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=cca78d5f3565c545b1ff151e&viewguid=f7lH5WgXMaGgF--Oejhjahq@1PQnIm8WiVDw&destUrl=http://files.downloadnow.com/s/software/13/74/32/.../Fotor_v2.0.2_Setup.exe

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/e1086337-27a9-4265-8ddb-f829b0190246/Fotor_for_Windows_Downloader/.../Fotor_for_Windows_Downloader.exe

http://dl.cdn.chip.de/downloads/.../Fotor_v2.0.2_Setup.exe

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/492629b1-d5b4-445c-8717-e6f1bf5eaa15/Fotor_for_Windows_Downloader/.../Fotor_for_Windows_Downloader.exe

http://telechargement2.pcastuces.com/temp6bs2/.../Fotor_v2.0.2_Setup.exe

https://docs.google.com/uc?export=download&confirm=19bB&id=0B6HP-nHZY9PYSzA1UWpyMDYtQVk

http://download.forest.impress.co.jp/pub/library/f/fotor/.../Fotor_v2.0.2_Setup.exe

http://fotor-photo-editor.soft32.com/get/file/.../1226982?lp=dsa&tg=pt&kw=_inpage:08bce2d9a3206bf0d7143d86833197a8534fabc6&mt=b&ad=63150943878&pl=&ds=s&redirect=true&uid=1424977183ced94fe52b4e057f227cbacbceb6c997&_ga=223749170.1424977181&gclid=COv-88-lgMQCFYGWtAod0BsAkA

http://flash.everimaging.cn/download/winfotor/.../Fotor_v2.0.2_Setup.exe

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/fcdcdc90-1c12-41e1-af0d-f37645030462/Fotor_for_Windows_Downloader/.../Fotor_for_Windows_Downloader.exe

https://d1ob5g40gc5b6g.cloudfront.net/41/408287/.../Fotor_v2.0.2_Setup.exe

http://c236.y8top.net/2107tmp/cf/soft/2014/5/ba/.../fotor_202.exe

http://storage.dobreprogramy.pl/.../Fotor_v2.0.2_Setup.exe

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/537d922f-9555-4d55-8da5-6cb888de9d04/Fotor_for_Windows_Downloader/.../Fotor_for_Windows_Downloader.exe

http://files.snapfiles.com/.../Fotor_v2.0.2_Setup.exe

http://files.freetrialdownload.com/41/408287/.../Fotor_v2.0.2_Setup.exe

http://dl-vip.appstore.baidu.co.th/.../Fotor_v2.0.2.exe

http://dwn2.cdnsoft.org/fas/HZ2mv6s6TvLERL5faT7lOA/1448554198/.../Fotor_v2.0.2_Setup.exe

http://www.lazybearfiles.com/userfiles/executables/.../Fotor_v2.0.2_Setup.exe

http://www.download.dk/manuel_load/multimedie/billed-behandling/.../56841

http://szoftverhotel.hu/d.php?file=fotor_2.0.2.exe&p=1443712016.2101

http://f20.softwaretop.net/tmp/cf/soft/2014/5/ba/.../fotor_202.exe

https://swvgdtt-gateway.amazon.com//gateway/stream/thin/win/432f73c7-b117-4f1a-bc02-abf99055aac4/Fotor_for_Windows_Downloader/.../Fotor_for_Windows_Downloader.exe

http://download.s32cdn.com/41/408287/.../Fotor_v2.0.2_Setup.exe

&onid=2192&oid=3001-2192_4-75901678&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=digitalphoto/photo-editors&topicbrcrm=windows software&pid=13743257&mfgid=10146047&merid=10146047&ctype=dm&cval=NONE&devicetype=desktop&pguid=eaa0d8b1e1eb20cf86cfda87&viewguid=RazGdtV4jGOZ4ruR7EZPh2@@hwhGXOAZGOwe&destUrl=http://software-files-a.cnet.com/s/software/13/74/32/.../Fotor_v2.0.2_Setup.exe

http://files.downloadnow.com/s/software/13/74/32/.../Fotor_v2.0.2_Setup.exe

Latest 30 of 31 download URLs

Scan setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.