codecfixtool.exe

Setup Factory Runtime

The application codecfixtool.exe, “Setup Application” has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the Setup Factory installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from fra-7m21-stor08.uploaded.net and multiple other hosts.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.5.0.0

MD5:
218e30e1fd6457786b304f04e8b97860

SHA-1:
3b8ce7333f02ca74d142a55b381a8361c6b6118b

SHA-256:
be5a88e8a93d0ab33620a33a22deaa08e80626aae80cfcccbcee7eac6cc03872

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 7:26:29 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Yakes!c
2.1.4+

AVG
Dropper.Generic_c
2017.0.2805

ESET NOD32
Win32/TrojanDropper.Addrop.AD
10.13128

Fortinet FortiGate
W32/Yakes.AD!tr
3/13/2016

IKARUS anti.virus
Trojan-Dropper.Win32.Addrop
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.214.18963

Kaspersky
Trojan.Win32.Yakes
14.0.0.560

Malwarebytes
Trojan.Dropper
v2016.03.05.10

McAfee
Artemis!218E30E1FD64
5600.6461

Panda Antivirus
Generic Suspicious
16.03.13.06

Qihoo 360 Security
QVM41.1.Malware.Gen
1.0.0.1120

Reason Heuristics
Adware.Dropper.ET (M)
16.8.1.0

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
47780

File size:
2.9 MB (3,048,499 bytes)

Product version:
9.5.0.0

Copyright:
Setup Engine Copyright © 2004-2015 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\codecfixtool.exe

File PE Metadata
Compilation timestamp:
2/9/2015 4:57:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:hC2lJmXbj5DIwbQea1LPEyK7r385JD3d6cIWhevB5GbuDkccf+w35N45WaCbQA67:hzlkbFDVrQMyOr3S3d6cLh0b/sIWaCbQ

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...
 
[+]

Entropy:
7.9064  (probably packed)

Code size:
22 KB (22,528 bytes)

The file codecfixtool.exe has been seen being distributed by the following 2 URLs.

Remove codecfixtool.exe - Powered by Reason Core Security