home

fa_update.exe

FotoTime Inc.

Publisher:
FotoTime, Inc.  (signed by FotoTime Inc.)

Description:
FotoTime FotoAlbum Pro

Version:
5.4.0.1

MD5:
ac8d669535f78c8dbd2b468bcb888f87

SHA-1:
ae9243d9ab0e784dcd6a86e29d88ba2300397990

SHA-256:
b1e2bdb6b97fb8e7ae57eac3fc0650dca565d821d2f49afcb8f9edd0c209637b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 9:26:04 AM UTC  (today)

Scan engine
Detection
Engine version

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
7.8 MB (8,132,336 bytes)

Copyright:
FotoTime, Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fototime\fotoalbum pro\fa_update.exe

Digital Signature
Signed by:
FotoTime Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/13/2006 8:00:00 PM

Valid to:
11/13/2008 6:59:59 PM

Subject:
CN=FotoTime Inc., OU=SECURE APPLICATION DEVELOPMENT, O=FotoTime Inc., L=Colleyville, S=Texas, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
26FC8AF3BC344B249A0997B568C668FF

File PE Metadata
Compilation timestamp:
1/29/2004 1:13:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
196608:+PYf6owoxpUJKleD2DUakwn13VHV1dygN0y0z+937zpF:+gCo7xpPcD2DUak0P3xHZ377

Entry address:
0x39E0

Entry point:
81, EC, 20, 0F, 00, 00, 56, 57, 6A, 04, FF, 15, 0C, 61, 40, 00, 33, FF, 89, 7C, 24, 40, 89, 7C, 24, 24, 89, 7C, 24, 20, 89, 7C, 24, 28, 89, 7C, 24, 1C, FF, 15, A4, 60, 40, 00, 8A, 08, 80, F9, 22, 89, 44, 24, 30, 75, 2A, EB, 05, 80, F9, 22, 74, 10, 40, 8A, 08, 84, C9, 89, 44, 24, 30, 75, F0, 80, F9, 22, 75, 17, 40, 89, 44, 24, 30, EB, 10, 80, F9, 20, 74, 10, 40, 8A, 08, 89, 44, 24, 30, 84, C9, 75, F0, 80, 38, 20, 75, 0A, 40, 80, 38, 20, 74, FA, 89, 44, 24, 30, 8A, 10, 80, FA, 2F, 74, 1B, 8B, C8, EB, 08, 80...
 
[+]

Entropy:
7.8363  (probably packed)

Code size:
19.5 KB (19,968 bytes)

Scan fa_update.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.