ffsetup296.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
MD5:
eaaefac3aff85959da4ea8b6eb9fcd80

SHA-1:
9c4e8b2795b302d47e05d4b2335290d5c96914fc

SHA-256:
f58d393723b636048d6959f2f143e9579a49d3dd7e8ad32a01437d8fa2fa69d7

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/2/2024 9:36:45 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Hao123 (variant)
8.9256

Vba32 AntiVirus
Trojan.Pasta
3.12.24.3

ViRobot
JS.A.Iframe.43858582
2011.4.7.4223

File size:
41.8 MB (43,858,582 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ffsetup296.exe

File PE Metadata
Compilation timestamp:
6/18/2009 11:33:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:zmHVvfefXoeuhQR7UqqZ8jgRxvQSK7duv+hX+3JtN4W5U0JEqE8ue:zCuEqq+jg/4nBuv+83r20JhF

Entry address:
0x3291

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, BA, 2C, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, 80, 36, 42, 00, E8, 43, 29, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 31, 29, 00, 00...
 
[+]

Entropy:
8.0000

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file ffsetup296.exe has been discovered within the following programs.

Air Assault  by Media Contact LLC
is a casual video games distributed through the GameTop.com download portal. The trial verison of the game in some cases drops an icon on the user's desktop 'Online Free Games' which links to a partner portal such as onlinefreegames.com.
www.GameTop.com
6% remove it
Internet Download Manager  by Tonec Inc.
Internet Download Manager (also called IDM) is a shareware download manager. It is only available for the Microsoft Windows operating system.
www.internetdownloadmanager.com
30% remove it
 
Powered by Should I Remove It?

The file ffsetup296.exe has been seen being distributed by the following 25 URLs.

https://dw.uptodown.com/dwn/GgUCmQVfw5aK66-hR6WsCgaAjEb4UUK9M_b94wXWGfLok_qvbunY0JIC63J34xnYnzYatWHEpNEq_OeYgwcacovEt0yCxP0F5zxDYqQK7oCrxsWb5CY_UXRZHfFKszaZ/5EvGQP-sD95lA6wrEO_131S2sVibSAQYpqhzmsSOmFaIOtOdwJcRw3TvHcwwi7S2uP2GEw-6RZAeZLE1X-9S4I-Wtce392HqVEqnJPSQQgFBoI7g2ITnG7Kg4f2evQjO/rzPsUOiIOmioQcolxFy5STKLRpuo6VJv1RPrCckwu0DvSemzNnOm7BMbzcU2qOXJ1mIC3KMeTENPgMR_vnM5A7WaPJD7fRUqUuLuBCItGgoDf7FTfzWmNFm5PWNtMLnf/.../

https://dw.uptodown.com/dwn/nepF2KHwwq5Xh0IXigY6T4hZkz4THKRIK-XH2aj8Am-tjqnwueHe8wZz06hh9g4V0BL5rYO0NHKLDTXkt6pakdJjzF4119ODK_FR3C2-02Oow5YCXsJ8AKaiwVXlO6t8/7v9JXCm8ClFkDM5F_uqMyT_eA4E3fnpI9B-NjkK2--S_LK_eG2cHXBiU-RHj9koV4wcbynx0v6GnTAS4ClVPJLYcpQyCmFanZeME9TChXHI44b7PCyJp1OfnRPqWXBH9/QFqBQdkkLuCjWu4Ebowh0Zb5WUaxRCX6dYcgUPyCFdO5eKlghlAxfSSDRh68myYPEtKudAkD9E8MYiaRXbwpLp8b2DS4wSDGS43UpSRyw3U5C66w8Az8eqaaHfNoDnWk/.../

https://dw.uptodown.com/dwn/shTRrF_9a9LoOjKE-USot3n-pOMFVryoXdHB-zTuG9_NofANt8youjusOR7kj2f9ZdnQskrvWEx5FcZ5teTDXugTVBXhGKec2K80wJdmHgAIXCO_D_V-h80iSxY2YHgG/IyZNND6bj2hsfCnAW9scLI1qC64XHE1FMKBuTVXfQbxQg11bcajohxxc4sO-93sPvecdbvxOvu_mZVq4r4fR6ZXnhyDwdfTj9a6j0RrlHD7chdHL3ZCtEbLu7f3qlNq-/Ua9yI-pUDUaydtYCKaCDJEpr22w276dT0uri-Xm2VxRdnuFGp8C3h10ghI4kZ9nMNdTJw87JoxDLQZjkURKm0Fkv4TTeh3bvnl3zTHGu-gBojk3hvV-QTBHnD7SgM_t8/.../

https://dw.uptodown.com/dwn/5nEE5x_l-WcNpEhTDlfNtx-v4-3wgQDTmPqoiX8KTwiyM9M_3Ji7Rku7va2hapSpiGFqiPJHx6Ivmm0xmi4EbZXn1TERwy3IJDCdryxyjh6Y45Yief_8xl1fav0JPgXQ/Laag5bJQTDTm7iSaeV2M_FNeNV2KfqgBx_lUIa_o0v9P9qCNgC5ELREx50EDJvGRnr0VvyI3Kj6wVlTtDCNAvIqpuay3zHur1tlh7gz0yVYW3hzCimaKCAoqksDpKPAQ/hrPuP-lqpRwBKK7grUVtAukJSIf_h3MyAlT_3HRHimbSlrkYpv33uP_nJDZCF1-Xe5CrDNlnW3XWBbBiagF7m1HXcQ6G71sQkXcDzKlSOmEOFdoYEz95HB98q7ahFcnK/.../

https://dw.uptodown.com/dwn/Ixe3Xt8gDKcqHY-8x3IL4rPQ7iD0vWm-NqfU0sZAayPKjEiqvUt1IQFSZSXzYvepS_OW70SAKRb55CASCQPQYwibHl9RCnkszETe-QIaTElWTCX8xu9aslAhumIngRcZ/pDojEs6eoWz07dDnetK2HLWxPxPReCiPEHT6sS9qAg91WT-u_c1wLGR92abXLO1e5Q4Y-0usHeFYlGMKU_rk6eznGSEww1Xu2AvIkIqbFYW9ebrwgPXU2Et7I4GU7c6T/Pvfr_12NwwdFIdj1260xsv22yzKbk6qBjNkvBt8QNfwFZqp7xeF23Jzz-5eYJf51-nZeQMDL2XjktF0JmLehx87IbYokfAQ5xvazAbnnd5LJBKtQAc2lz0rZgjystrz-/.../

https://dw.uptodown.com/dwn/hGMb4SDwv1aU3NfAXIMHeKrneOWXvG12g_JgXQMH5UIQLSKwB4HYli5RGL4NBKYr0nQdHVJcu2f_kp3RlZ0-npRhfcOlkCFre4ExJBLO3eOEMoFaTbQTaqNah7BL5nCa/RwmtdrLCmAhsZmyJw84CjtlfFu9ukyn4cirCFYxLc45E8z-v4F5hk8tceSkFv8YgglSQgGiSC6eoFxFjwxi2yA4gVPVibWqhaVHVdBQIZB8Te6ubvlm0AGEae7a4ag5g/nuR31b0bA0MERuuWp4lTWcNGdxN1dlfsnq5nnhGFP4hmQZ6nJ5Gb3HwwqaYbDHrJeXMnB25zRYozOniBGBr4g3eQI4C99uU8znlr0liB_QOJe6MKdXiuH6pOY1-i7vcH/.../

https://dw.uptodown.com/dwn/kkSPLfqFso3XhrMLxOcG3BqzNVxDSfc4K8BLv5Z4hcm85lULaF3jvxVM1YLuwFGjRLt97TXWyZj0c9Y08MKsDLD89sGQZHqEWy6I-rnYTw02ZC41EDL1g0wSnTc_Hmkk/ri4itZrFAGE3oiLOY43HVo4kQGyCK4cGFEGBWdxSYoeRs9NbbSUciBg9PD3UTFsYcXBIr-OLC4GkufaCVXWmJ1LA7jVVguvARfTRCoUFSAl_khTtxJIbqtajYc8Wnuci/TR4rxb-Ifp99m2Z-gTpaFGpu_EUXE07zbeCWnwIa3PZpQVl54jHblTICRhnqeaBWKIoiWRZnvpY66U7NbNf6LPdsnt_d67-UHO86bxeql8UkUa_tl6tdyet4ZCIycH0x/.../

https://dw.uptodown.com/dwn/m-2O4JQd0e3GpEiJjElQyqS0mUEDNMCIlLwI3cH13GkZNcfOVAXBf3c2dCwU-ErFuRPWFFb2sQ9d-sR_-c811j_DCcGNHGncdBFxyJs4inqxphhbjXPMFuX3oLJE2dDn/HzxZTO3RFAgt0nI3alsLgcYh2pn9-Ipm8PytyR3xzahsneXIkQwDsxHEKa0dyep4uaNhDx6RrBqKJm3ku1DVeACx-6_c4MEt2iU1G7S-4EXa6SX46o2xnLKbmw0m2Dmr/qwqYlLgZnrm2Xy2w9tH37ZgiRRmGKSqo3B9owygQfW4mlydUoEXC5jygbE7bZZgmZdTWLO0w82HyR-zy7P9MSBggJoWeedvwxI7x4bJ9Xy3VOyUOqLuQEsY99JezGHzZ/.../

https://dw.uptodown.com/dwn/vSMBkJKg76b2yTJh1DGE-pToKob6H9VolSDsEoCWPuthpUqwLFIPabDT_QUhqim2VG7CJ02GmY5yWrfSqfYlqPEBDT8k5RM9rApuAdpqoc6QCa5noxrWnm88Htgbf-cY/UU6Uxggb3fYAnOXRWh4htEdTy8JrgQ0MaSVggniX5F3JiB9ulWYuEVuu4vVED6V2x6PmjIYoM3AQ02kCzlGm7aVqFn2WcMxuCexjtU1GHlrgO_MD185UwAoRJVX6MuHb/hjCNH3T3Fiu9LZPSZ84FXW8nBy3TUV24SmPxJ45q1Sc8se2rTNVyFfsMK-v2qI7VH7Qkxk98gh8YtwuMrzzA59TEfMcm4vbeF4Tx-pxQksasmMPsthZ7tWBZdLrwbUkR/.../

http://f51.y8top.net/2107tmp/cf/soft/2013/7/.../format-factory_295.exe

https://dw.uptodown.com/dwn/DmZXBRyGNCcfaTFmrRomXNk0GIZnU6sCDATE9LaCKn8uwtu8qpGio4q99VbfUnpg2cv1RoSZhydoId8j1Lq1CK79bv9DJlir3NkVDi7fyq4eTEzhLdlnJ-VdNk3Quw8z/kBJ2Ad4GIZ86jM8DVUZe0VINaFMF8ez3jJTACwI4fH3oj4dDr1wpzvG-NM4ixcrBIrbVqJWg4Okl7RooKIt-QOl-5Aye2pBjQ4cp74EqzuJpXEyWHthBxyMiFwJKczbY/pNUX9V7nR355RoTUyl3a6-QHjDQsnjJPOLFiT1lZ3n1eeIJlKyiikNqcSxJwCluXnX1bHkXjgyNGUtsYDbhnhzObEuVFkG5_AChE49SMeTEd1tIp-Wtj_js_al0js7E1/.../

https://dw.uptodown.com/dwn/zg2FdoU4uc6VN1uFbrbHXE6blENIWVAfBmLa-1LXbMGCPbiY8ylsfHAjqmAlxcQsTwMzLZHfo0XnDbcY0qiHBudS2Uk5Lt-17tizviZd_OMMyAoLjcLpVwemqfCDqWAp/k5S7q465GPLIWjSI_I4_wOrk0VriHWIKECxUS2EVlufbktqkFOEsPQAjr3bTUsaNFsmvIFf9HGn641B8tXH5bWB_w21MrWDgXq3vJjuHlvRGgBg7Lkhf69mkUxWTKrg-/6U5-As7OyTf3PP6tC03cFQrp7y1Tc7W45JwNKgI3hy1Ak-OtjJiAQ6h-xRke8EH-rM4AkpQcHkwItyoSgi5V5QKW3J3hpxUOsjGlGfEelc__1s_sft9YVYRli6lf5h5Q/.../

http://download1136.mediafire.com/7dnezjnx4lxg/.../format-factory_295.exe

https://dw.uptodown.com/dwn/4vFE2yb4kPPiKNMyPqS24jK5aE7mZSBlrLy_iWKoauyIfXNonxAX_EqTlNd9w0dswxa3ypluWQ1yQupouXpyvyztcEhh-9C1VWNue-WNRRVBcRq87TVbcbFz4_1IpbOK/PF11CHRrXpfiAIitUzz1pApBuhmErCgL7Ej9a4K5wKa4fvR61SUplBsOgXEeF1GSz2rp0mel5TPaJNQTka8KG8kP5kjZwcQ2rZuMckx4Ts0XsEUXAYsmziV0IdsmYNvm/.../

Scan ffsetup296.exe - Powered by Reason Core Security