» ffeuter.exe
Overview
Analysis
File Details

ffeuter.exe

Xin Zhou

The application ffeuter.exe by Xin Zhou has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

ffeuter.exe

Publisher:

Xin Zhou (signed and verified)

MD5:

d32e59f7406c2d04de03512d8aefca6d

SHA-1:

aca4d50aaddbd1e9ff8be16c4f072f5c3ac75511

SHA-256:

1232d4e7d6d8a73bd330f724322d76fa75eee899cc0fe01308423baf3984b947

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 12:28:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.XinZhou (M)

16.4.22.19

File size:

587.7 KB (601,848 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\yesbnd\ffeuter.exe

Digital Signature

Signed by:

Xin Zhou

Authority:

thawte, Inc.

Valid from:

4/19/2016 5:30:00 AM

Valid to:

3/23/2017 5:29:59 AM

Subject:

CN=Xin Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

4CEAF4F1B7C2E1B181B9A1ED937F62A8

File PE Metadata

Compilation timestamp:

4/19/2016 8:06:42 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:DamHibZUFaJ8qzwr9vwLMqMtaFViRb9ZnzzWVsv9uB7TyNIWTs5T7A8w:Dq2FabwVwgtPfnzKS9JT+T7vw

Entry address:

0x373B4

Entry point:

E8, 2F, 67, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 5D, E9, 88, 6C, 00, 00, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, C0, CD, 48, 00, 85, C0, 75, 1D, E8, 9E, 64, 00, 00, 6A, 1E, E8, F4, 64, 00, 00, 68, FF, 00, 00, 00, E8, D5, 2F, 00, 00, A1, C0, CD, 48, 00, 59, 59, 85, F6, 74, 04, 8B, CE, EB, 03, 33, C9, 41, 51, 6A, 00, 50, FF, 15, 64, 21, 47, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5B, 39, 05, 1C, D7, 48, 00, 74, 0D, 56, E8, 47, 5C, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 90, 11, 00, 00, 89... 
[+]

Entropy:

6.6027

Code size:

448.5 KB (459,264 bytes)

Remove ffeuter.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.