130214_f2.exe

FunMoods

Fun and Moods

The application 130214_f2.exe, “Setup” by Fun and Moods, has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.wikizu.net.
Publisher:
Setup ©   (signed by Fun and Moods)

Product:
FunMoods

Description:
Setup

Version:
2.18.6.0

MD5:
3119d0951ed735ef39ec0c732bc23768

SHA-1:
f7fa4dea513f25e84a1bdfb1b74350b87499c567

SHA-256:
26d4be0d261be6af5c5628b0e3535f93f3f79a023f3dd7ed1566f20a0c38f7b4

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/27/2024 12:35:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.Installer.FunandMoods.J | 14.4.13.17 |
| Vba32 AntiVirus | | 3.12.24.3 |

File size:
1.8 MB (1,903,112 bytes)

Product version:
2.18.6.0

Original file name:
FunMoods_2.18.6.0.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\130214_f2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/9/2014 12:00:00 AM

Valid to:
1/9/2015 11:59:59 PM

Subject:
CN=Fun and Moods, O=Fun and Moods, STREET=28 Lilienblum St., L=Tel-Aviv, S=Tel-Aviv, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BC1B58EB9A15EFC94509ED7525234EAC

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:K8m6HG9TGnq3aMZtiHzSYCsnsBH67sO99EpmZx:7bHGTiHBZnkH67DPEpM

Entry address:
0x78B38

Entry point:
55, 8B, EC, 83, C4, F0, B8, 08, 88, 47, 00, E8, 18, EC, F8, FF, 33, C0, E8, 65, EB, FF, FF, E8, 5C, C3, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
479 KB (490,496 bytes)

The file 130214_f2.exe has been seen being distributed by the following URL.
