ezthmb_setup.exe

Fookes Software

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Fookes Software   (signed by Fookes Software)

Description:
Easy Thumbnails

Version:
3.0

MD5:
f925ceb24167d2ab8f9efece691c02b4

SHA-1:
0e12e992af31cad66180eff2ea1fa5fd38f66299

SHA-256:
de3dd1ade87087ba7fc174922fab4f43f764204caeee671b516ee024610511e3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 3:09:04 PM UTC  (today)

File size:
1 MB (1,069,960 bytes)

Copyright:
Copyright © 2001-2008 Fookes Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\ezthmb_setup.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
8/31/2006 3:00:00 AM

Valid to:
10/10/2008 2:59:59 AM

Subject:
CN=Fookes Software, OU=SECURE APPLICATION DEVELOPMENT, O=Fookes Software, L=Charmey, S=Fribourg, C=CH

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
4C46907E192466F57A852DBCF0293EB0

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:t2UV3bmvafELkpsRjTXti0UzUYzeWZ8sbhHX6V55gtjsx5wgOMM6a:t2AbmIEYp6jnL85Z8E9Y55gtYbaMMX

Entry address:
0x9A54

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 72, 96, FF, FF, E8, 79, A8, FF, FF, E8, A4, CA, FF, FF, E8, EB, CA, FF, FF, E8, 12, F3, FF, FF, E8, 79, F4, FF, FF, 33, C0, 55, 68, 02, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, CB, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 06, FA, FF, FF, 8D, 55, F0, 33, C0, E8, B0, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 23, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file ezthmb_setup.exe has been discovered within the following programs.

Easy Thumbnails (Remove only)  by Fookes Holding Ltd
Publisher's description - “Create accurate thumbnails from popular picture formats with this handy, free utility. Find and view images easily, preview your thumbnails, rotate images and adjust their contrast, brightness, sharpness and compression.”
www.fookes.com
About 4% of users remove it
Firefox 19 features a built-in PDF viewer. Mozilla Firefox is a free and open source is a web browser coordinated by Mozilla Corporation and Mozilla Foundation that is a heavily localized.
www.mozilla.com/en-US
11% remove it
 
Powered by Should I Remove It?

The file ezthmb_setup.exe has been seen being distributed by the following 39 URLs.

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_es&type=PROGRAM&Expires=1471554925&Signature=AnhL~nFnEcYsApumyKmU54vu9MDqIDo3zuO0GF5DbDf6KrIBgl8Iv88RgEbm7rgPdlGQYGEkIdnPwEL77IBtnw8dfk0qrx1bdfjEGejjSv5KoizimZkdRK-Cm6aCQHwf35oyPVcZL6pxk7dm95V6f6WpnrdWPk5XvDljKySar-o_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

https://easy-thumbnails.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPUU9aRSUDg 7v0hqvPNHkQ /Sm GK2tvkuj2NRBh8vkZ7ehED8zSKXNpJ8d4y9mxyTzFrJg5s0fCRUdb1kXFp3lGI/.../NyiVX0wFicLQZtFstrSNRgdQ GuW5BiixxE=

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&Expires=1480485043&Signature=btNhtnrwWnkhDhnpuqUwZnPrd2Q1J-hl~EHCKqGkC9J82CAM9tG9bA8sHvAtbIfI6KdpJLbFX9YBjQMR9MdXrazhFDsbwewCS4zJK9Ae10ELk1BQWGu-oiIIpJgCD4YjNcHllcqfI4ZIIJfHb5mCVsLRALDt8ZdOC4ZZayvF9bo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://download.heise.de/software/8f3afe4454bf37e00f006bd13d730c2a/521a3567/.../ezthmb_setup.exe

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_br&type=PROGRAM&Expires=1460971780&Signature=GAK-k~Y-KP7mV4zs4R3uLcSMDYqlbiKu3CLCrY558kBMZC5-QVmjpGLYqta1IIvUIAVF0iQYWbzWtLG0e75SNSIPdWk-B6ZZ9tBGVSS0Oamq-s1-JBA7iUSAigBfVzVGUT~9PKsmJw9qKaGMX7PB0lWLgxJi0pRwAh44VIubwco_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://www.traidnt.net/vb/safety_link.php?url=http://www.fookes.com/ftp/.../EzThmb_Setup.exe

http://lb.cdn.m6web.fr/d/c/a/07335db5cce1570bb2d67f7040d5395d/58248c20/soft/.../easy-thumbnails_easy_thumbnails_3.00_anglais_10898.exe

http://webmail.uolhost.com.br/attachment?msg_id=ODEz&ctype=EzThmb_Setup.exe&disposition=attachment&folder=JUNK&attsize=1466244

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_de&type=PROGRAM&Expires=1446418901&Signature=UERGC-jfc9QDNaLSiucV~qVs0XTMP-07FlT5mxfG3fwMLcemaloG1r0JEL7HS7rUfhlUOLYewBseJheLWpLR01E3koFXoKUfuTF959nyM~ngHQ~264Mo-OHNDrEeScplibWHIb7Q6OAzoiImfGv09yL~ptKKIv8Q4QLS7SAahrA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&Expires=1471366764&Signature=GtiRt7FYA1FDI4UG6cP00nSogftXfnm3is6e7c~gf1g~r~26-7H8-H5g2Y16izVS634s~UVxmQ7XlA1ILyNDTTb-Df3IPwilHUgsjsT2iGpIpwTvPTekCgobM8EfzyuU4iZy1DsRjxHBFh97iCkhuoFohdyaxCl~~mT6H4CuFgQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&Expires=1476806163&Signature=D7R90RSoYMYUpYo9RPeOIMCOBVDUYWIk3WpEM9EuYnLrhkDvPWy99g7Jqq28eXilmeE~uumu1VDYz~LYGTO~IVCmlOmJC18uwWkVaUKfXrE509zWmM4iRGxM4ySeFZuTzyVxRVYHD-oB3etyivPMvixPtFisfmKuSDJS6dvcH1s_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://www.techtudo.com.br/_/software/.../download

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&Expires=1463294172&Signature=MIcwtMBQ4v-Nn106NtPx0It0ln2vdFwyWfuCKwzdijMDLgTZmNTrlcIpwRiDKmGg1nRBGoOH4ZTU6pwpvw1DU~RclENgcKGpsGNGoeaWNasyUZ5vlPJ5a7EQe~nyz19s3Dbu-hVwSSLQtcfZ1b4ngCgQPrFzyCC2iuuxG32qpDg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://163.16.5.126/kindergarden/.../EzThmb_Setup.exe

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&Expires=1477889579&Signature=eJAO3jGcniAtNMqQPSSwuDpe98OoxVmOFcmQYkpiGLwYyZZSVKk1qF5zKL1WUjPHrXQHlYs4v6ntVUKgDgg9kzkju45vVIi2rUAF891iipJ4Y55o7tjpJwOp-xT4iMCg9UjfmKeS7iOY~tH34zb4zp9X8tW8~kNEtJxs9aKscoY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://www.fookes.net/ftp/.../EzThmb_Setup.exe

http://163.16.5.126/teaexam/.../EzThmb_Setup.exe

http://easy-thumbnails.software.informer.com/.../

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_pl&type=PROGRAM&Expires=1474273174&Signature=DSRDuRiqPF~mm8MaylqWn65yY0S3YdhHgDkznh1bVsi04Xz7Ou~7d7orymIqJP7GXJY25XPz1OSnHNXYONl03s1528BnoEGZ-Xc5iT-qpWUKkVXonm1bSC~6o9qotZCaZZDL9vHjmF9cYJ~BG7Vrx~TvyTy3wUKxCaQSdR6I7wM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_pl&type=PROGRAM&Expires=1476535753&Signature=eRJQwMC74CYuYqKS8q8f~1ZAoCVUEh3imNMj-glMjtLAyhOFMoiLgmCDAM3k-tAsNqrESGqF3Vj6dG0L7eOg23N0lATB3ePyYu2dClkEXXFeyhCe6HxQgbr4tYmTpFSXMSANrP9bE8nfBWmBiy8sYOUayw~JNnMNFWRabKPN7Xc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

http://global-shared-files-l3.softonic.com/0e1/2e9/.../file?nvb=20150120154607&nva=20150121034707&token=0ff141593871fff89d60b&SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&filename=EzThmb_Setup.exe

http://gsf-cf.softonic.com/0e1/2e9/.../file?SD_used=0&channel=WEB&fdh=no&id_file=17773&instance=softonic_en&type=PROGRAM&Expires=1451781527&Signature=V-Y3CEtDnLNNnv4-HmKa9oLYiV-Tkadc2U9f1SSnz7gpxJyoPHfQUjXHnble2yQBwKf35kasaApUgkBYZwG3QaRGe9VDf-qvoEYy8JcVEJ3L6Dlq9cnv1gfkOiXZSI-3JKzg9uFf0zBdSJUHN2lYnk9xiKGfdv3QQ0EwF3SOSLI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=EzThmb_Setup.exe

Latest 30 of 39 download URLs

Scan ezthmb_setup.exe - Powered by Reason Core Security