cartoonize_fb.exe

Setup Factory Runtime

The application cartoonize_fb.exe (“Setup Application”) has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the Setup Factory installer; however, the file is not signed with an Authenticode signature from a trusted source. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from cdn.clping.com and multiple other hosts.

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.0.4.0

MD5:
9810ee9c5192d51e385ae916eb5e3824

SHA-1:
20569a5c29b4847d9b6b7cdd51825a8f2b28806f

SHA-256:
e388d5875f645d4e58cdf3156a015eabdf6d7149d63e3f058537519dba0b6a43

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/23/2024 10:09:56 AM UTC

Scan engine              Detection                          Engine version
Agnitum Outpost          Trojan.Inject                      7.1.1
AhnLab V3 Security       ASD.Prevention                     2012.10.15
ESET NOD32               Win32/Toolbar.Babylon (variant)    9.10520
Trend Micro House Call   TROJ_GEN.F47V0808                  7.2.191
Zillya! Antivirus        Dropper.Injector.Win32.53874       2.0.0.1945

File size:
4.6 MB (4,791,359 bytes)

Product version:
9.0.4.0

Copyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cartoonize_fb.exe

File PE Metadata
Compilation timestamp:
12/16/2011 7:06:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:2YRVffkDbJ9Dld6uxcodQWape15a91Ut/ho8UhCK4XuubiUUftNfS:2YRKDNRj6uGSP1MnM/hnUh4X2UQtNfS

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Entropy:
7.8988  (probably packed)

Code size:
22 KB (22,528 bytes)

The file cartoonize_fb.exe has been seen being distributed by the following 3 URLs.

http://cdn.clping.com/cartoonize_fb.exe

Remove cartoonize_fb.exe - Powered by Reason Core Security