fancysetup.exe

Fancy Guo Ltd.

This is a self-extracting archive and installer. The file has been seen being downloaded from dct.vcdn.vn.
Publisher:
Fancy Guo Ltd. (signed by Fancy Guo Ltd.)

Version:
0,16,0310,1336

MD5:
739d90f643b41c5dfe712096204bdb13

SHA-1:
4e98d153cab6324419aa9955509817626202c012

SHA-256:
5837895f2dd7114245152fc07b02af8f735478c4435b7978134a872c8d1809ac

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 4:40:03 PM UTC

File size:
1.7 MB (1,745,344 bytes)

Product version:
0,16,0310,1336

Copyright:
Copyright (C) Fancy Guo Ltd. 2009 - 2015. All rights reserved.

Original file name:
Fancy3DSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\fancysetup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/30/2014 7:00:00 AM

Valid to:
12/30/2016 6:59:59 AM

Subject:
CN=Fancy Guo Ltd., OU=Technical Department, O=Fancy Guo Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
144F450EF0887210EC0F865689B3532D

File PE Metadata
Compilation timestamp:
3/10/2016 12:36:05 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:u9T1wvMoWy7vKkKfgTVEtf84pNH+vElScYCgh4i2dorNgc40V4q6sxqi/QoOd9C:gTGvTVGrcWS2gh4HppgQPE

Entry address:
0x109A3

Entry point:
E8, 50, 2A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 30, 5F, 42, 00, E8, 67, 2F, 00, 00, E8, 1D, 2C, 00, 00, 0F, B7, F0, 6A, 02, E8, E3, 29, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C4, 23, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.9404  (probably packed)

Code size:
111.5 KB (114,176 bytes)

The file fancysetup.exe has been seen being distributed by the following URL.
