codecfix.exe

Setup Factory Runtime

The application codecfix.exe, “Setup Application”, has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application built with the Setup Factory installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com pay-per-install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from am4-r1f7-stor02.uploaded.net and multiple other hosts.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.5.0.0

MD5:
3253cb49414ddea6de52687e521548d6

SHA-1:
aa7391b774b4fd4896b1c97e481a317d8fe4be13

SHA-256:
7a586b74c605ac0a196a6957cdfd158dda1d35824047593de579115de25f81b8

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/27/2024 8:40:11 PM UTC

Scan engine            Detection                          Engine version
Baidu Antivirus        Adware.Win32.Genome                4.0.3.151230
Dr.Web                 Trojan.FakeAV.18460                9.0.1.0364
Fortinet FortiGate     W32/Genome.WOYF!tr.dldr            12/30/2015
F-Secure               Gen:Variant.Adware.Kazy            5.15.21
IKARUS anti.virus      Trojan-Downloader.Win32.Genome     t3scan.1.9.5.0
Kaspersky              Trojan-Downloader.Win32.Genome     14.0.0.892
Malwarebytes           PUP.Optional.OutBrowse             v2015.12.30.12
McAfee                 Artemis!3253CB49414D               5600.6535
Panda Antivirus        Generic Suspicious                 15.12.30.12
Qihoo 360 Security     HEUR/QVM41.1.Malware.Gen           1.0.0.1077

File size:
2.1 MB (2,216,523 bytes)

Product version:
9.5.0.0

Copyright:
Setup Engine Copyright © 2004-2015 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\codecfix.exe

File PE Metadata
Compilation timestamp:
2/9/2015 4:57:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:XC2lJmXbj5DIwbQea1LPEyK7r385JD3d6cIWhVPJbxcsN7duk:XzlkbFDVrQMyOr3S3d6cLhV1xciZ

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Entropy:
7.8403  (probably packed)

Code size:
22 KB (22,528 bytes)
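The hashes, entropy figure and PE metadata listed above are the fields a first-pass triage script extracts before a sample ever goes to a sandbox. The following is an added example written for this page, not code from Reason Core Security or from the Setup Factory vendor: a standard-library Python parser that reads the COFF/optional header fields shown under "File PE Metadata" (compilation timestamp, OS version, subsystem, linker version, entry address, code size), tests whether an Authenticode certificate table is present at all, computes the three hashes and the Shannon entropy, and compares the SHA-256 against the one reported here. The sample PE header it runs on is constructed inline with struct and merely mirrors the reported field values; it is not the real codecfix.exe. The 7.0-bits-per-byte packing threshold is an assumption, not a value taken from the report.

```python
"""Added triage example: extract the PE header fields and hashes a report like
the one above is built from, using only the Python standard library."""
import datetime
import hashlib
import math
import struct
from collections import Counter

# SHA-256 of the codecfix.exe sample reported on this page, used as an IoC.
REPORTED_SHA256 = "7a586b74c605ac0a196a6957cdfd158dda1d35824047593de579115de25f81b8"

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256, the three digests listed in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in the range 0.0 .. 8.0; values near 8 suggest packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Read the COFF and optional header fields shown under 'File PE Metadata'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsections, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    pe32 = magic == 0x10B
    # These offsets are identical for PE32 and PE32+ (they precede ImageBase widening effects).
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY, the Authenticode
    # certificate table. Its first field is a raw file offset, not an RVA.
    dir_base = opt + (96 if pe32 else 112)
    _cert_offset, cert_size = struct.unpack_from("<II", data, dir_base + 4 * 8)
    return {
        "bitness": "Win32" if pe32 else "Win64",
        "compile_time": datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_rva": entry_rva,
        "code_size": size_of_code,
        "has_certificate_table": cert_size != 0,
    }


def triage(data: bytes) -> dict:
    """Combine header fields, hashes, entropy heuristic and IoC match in one record."""
    info = parse_pe(data)
    info["hashes"] = file_hashes(data)
    info["entropy"] = round(shannon_entropy(data), 4)
    info["probably_packed"] = info["entropy"] > 7.0   # assumed threshold, not from the report
    info["matches_report"] = info["hashes"]["sha256"] == REPORTED_SHA256
    return info


def build_sample_pe(signed: bool = False) -> bytes:
    """Construct a minimal PE32 header (NOT the real codecfix.exe) whose fields
    mirror the report: linker 10.0, OS 5.1, GUI subsystem, entry 0x29E1,
    22,528 bytes of code, compiled 2015-02-09 16:57:00 UTC."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE header follows the DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 1423501020, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                  # PE32 optional header with 16 directories
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, 22528)  # magic, linker 10.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x29E1)               # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                # MajorOperatingSystemVersion.Minor
    struct.pack_into("<H", opt, 68, 2)                    # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, 0x1800)  # fake certificate table entry
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for signed in (False, True):
        print(f"--- constructed sample, signed={signed}")
        for key, value in triage(build_sample_pe(signed)).items():
            print(f"{key}: {value}")
```

The certificate-table check only tells you whether a signature blob is embedded; the report's point is that the file carries no signature from a trusted source, and deciding that requires chain validation against the Windows trust store (for example PowerShell's `Get-AuthenticodeSignature` or `signtool verify /pa`), which this offline parser does not attempt. Likewise, a high entropy value such as the 7.8403 reported above is a heuristic for packing, not proof of it: compressed installer payloads like Setup Factory's produce the same signal. The CTPH (ssdeep) digest is not reproduced here because it needs the external ssdeep library.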

The file codecfix.exe has been seen being distributed by the following 2 URLs.

http://am4-r1f7-stor02.uploaded.net/.../cf224d9d-77af-4f02-a986-2fbd88b631c0

Remove codecfix.exe - Powered by Reason Core Security