FactFire2014123014.exe

Fact Fire

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file FactFire2014123014.exe by Fact Fire has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Fact Fire by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
Fact Fire  (signed and verified)

Version:
1.0.5477.11490

MD5:
bcd8427059ac1415f2d4b23eb6164531

SHA-1:
5d79707a9f67464b59d27184e414b5a82fd5b53d

SHA-256:
02e298bb461fc27041ee496d155fa06550ff3b4eae56c5f86ad0848505dd7ec1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
5/20/2024 11:43:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.3.12.8

File size:
512.2 KB (524,528 bytes)

Product version:
1.0.5477.11490

Original file name:
FactFire2014123014.exe

Language:
Language Neutral

Common path:
C:\Program Files\fact fire\bin\tmp7da6.tmp

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/19/2014 6:00:00 PM

Valid to:
11/20/2015 5:59:59 PM

Subject:
CN=Fact Fire, O=Fact Fire, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B70F89CFCCA24F1F741F575A33A7EDD

File PE Metadata
Compilation timestamp:
12/30/2014 8:23:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x7FC3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.9198

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
503.5 KB (515,584 bytes)

The file FactFire2014123014.exe has been discovered within the following program.

Fact Fire  by Yontoo Technology, Inc.
Fact Fire is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.
firemyfacts.com/support
88% remove it