falcomoleculesetup.exe

Falco Molecule

Valery Sokolov

The application falcomoleculesetup.exe, “Falco Molecule Setup” by Valery Sokolov, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from cdn2.falcogames.com.
Publisher:
Falco, Inc. (signed by Valery Sokolov)

Product:
Falco Molecule

Description:
Falco Molecule Setup

MD5:
af7550f03d0dad52beb50b18434b528c

SHA-1:
45ef1a8577df5139823ee3960bc46dea45b32862

SHA-256:
d54b980c8e2db06bd000685871e8da0002bc0e078856d88861ee81f41422d567

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/23/2024 10:01:25 AM UTC

Scan engine             Detection                        Engine version
Dr.Web                  Adware.Downware.932              9.0.1.0182
ESET NOD32              Win32/InstallMonetizer.AF        8.9824
Fortinet FortiGate      Riskware/InstallMonetizer        7/1/2014
McAfee                  Artemis!AF7550F03D0D             5600.7082
Reason Heuristics       PUP.Installer.ValerySokolov.S    14.7.1.12
Trend Micro House Call  TROJ_GEN.F47V0418                7.2.182
Vba32 AntiVirus         BScope.Downware.InstallMonstr    3.12.26.0

File size:
5.9 MB (6,163,784 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\falcomoleculesetup.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
3/30/2014 2:06:47 PM

Valid to:
3/31/2016 10:17:14 AM

Subject:
E=falcoware@gmail.com, CN=Valery Sokolov, L=Tomsk, S=Tomsk Oblast, C=RU, Description=2ylE67ffj51UCbym

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0DC2

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:fA27f6DFekeAIMuHpc0HJHaXqEan0n9qWGdi6cLP5rITcKSopXH0oCzfH29OEGul:0DFWAHCSKJHaXqEanOqhwKSmkr7gOEGA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9994

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file falcomoleculesetup.exe has been seen being distributed by the following URL.