fa_update.exe

FotoTime Inc.

Publisher:
FotoTime, Inc.  (signed by FotoTime Inc.)

Description:
FotoTime FotoAlbum Pro

Version:
5.1.0.0

MD5:
337fd93fb9a1e22792138acb0f93da60

SHA-1:
4a1796a347605b1d8157a7e095beaf10c67d7599

SHA-256:
05894077a9bc249541bfa1f5ebc3d4fbe3ebdd3e919ccda99b9985a9052ef3aa

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/5/2024 7:37:08 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Trojan.Downloader.gen.h

Engine version:
3.12.26.3

File size:
8.4 MB (8,843,504 bytes)

Copyright:
FotoTime, Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fototime\fa_update.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
10/11/2004 11:42:17 PM

Valid to:
11/13/2006 10:14:50 AM

Subject:
L=Colleyville, S=Texas, C=US, OU=Secure Application Development, O=FotoTime Inc., CN=FotoTime Inc.

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
3EAF1B

File PE Metadata
Compilation timestamp:
7/7/2003 11:37:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
196608:MTE5woyuHRyj+cTiRANZXB3IyhDvvu46Exjbs:M457yuH9NRg1B3Thbvx5m

Entry address:
0x3901

Entry point:
81, EC, 14, 0F, 00, 00, 53, 56, 6A, 04, FF, 15, 10, 61, 40, 00, 33, DB, 89, 5C, 24, 50, 89, 5C, 24, 28, 89, 5C, 24, 38, 89, 5C, 24, 34, 89, 5C, 24, 3C, FF, 15, A4, 60, 40, 00, 8A, 08, 80, F9, 22, 89, 44, 24, 40, 75, 2A, EB, 05, 80, F9, 22, 74, 10, 40, 8A, 08, 3A, CB, 89, 44, 24, 40, 75, F0, 80, F9, 22, 75, 17, 40, 89, 44, 24, 40, EB, 10, 80, F9, 20, 74, 10, 40, 8A, 08, 89, 44, 24, 40, 3A, CB, 75, F0, 80, 38, 20, 75, 0A, 40, 80, 38, 20, 74, FA, 89, 44, 24, 40, 8A, 08, 80, F9, 2F, 74, 1A, 8B, F0, EB, 08, 80...
Entropy:
7.8548  (probably packed)

Code size:
19.5 KB (19,968 bytes)

Scan fa_update.exe - Powered by Reason Core Security