» ffsetup3.5.0.0.exe
Overview
Analysis
File Details
Programs (1)
Downloads (124)

ffsetup3.5.0.0.exe

Format Factory

chen jun hao

The application ffsetup3.5.0.0.exe, “Format Factory Video/Audio/Picture Converter” by chen jun hao has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Toolwiz Time Freeze 2015 by ToolWiz. The file has been seen being downloaded from ftp-stahuj.centrum.cz and multiple other hosts.

File name:

ffsetup3.5.0.0.exe

Publisher:

Free Time (signed by chen jun hao)

Product:

Format Factory

Description:

Format Factory Video/Audio/Picture Converter

Version:

3.5.0.0

MD5:

424755ace956bde63ae3e2cc334cee26

SHA-1:

e3c3c648f3783e1918a71ee73561b6dfd9e0c6ff

SHA-256:

e590c69232e50479e664f40d2eea96934c61d294979b209e21f7e424ca98a9cd

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 2:22:14 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.chenjunhao.L

14.11.25.20

Vba32 AntiVirus

Signed-Adware.Hao123.BaiduBeijingCo

3.12.26.3

File size:

53.6 MB (56,201,784 bytes)

Product version:

3.5.0.0

Format Factory

Trademarks:

Format Factory Application is a trademark of FreeTime

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\ffsetup3.5.0.0.exe

Digital Signature

Signed by:

chen jun hao

Authority:

GlobalSign nv-sa

Valid from:

6/25/2013 5:09:13 AM

Valid to:

6/25/2016 5:09:13 AM

Subject:

CN=chen jun hao, C=CN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:bMccRxeGh/nMLJv/YQouvyCdEbGc4kXwjfwWsHynBKJiIlr+2FmTchQdY4SPUX:xexVREBouK6Ey0wsSBkisrTFOcOVy8

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9999

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file ffsetup3.5.0.0.exe has been discovered within the following program.

Toolwiz Time Freeze 2015 by ToolWiz

www.Toolwiz.com

About 5% of users remove it

The file ffsetup3.5.0.0.exe has been seen being distributed by the following 50 URLs.

http://ftp-stahuj.centrum.cz/dl/aa566e35af99b74e684bc965af899634/551beffc/stahuj/download/software/secured/f/format-factory/.../FFSetup3.5.0.0.exe

http://lb.cdn.m6web.fr/d/c/a/ea005a1b7c34dcc0f831551c1f0a63a6/559320f4/soft/.../formatfactory_3-5-0-0_fr_223920.exe

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150125054658&nva=20150125174758&token=084d3f70fb8fc14cdfc53&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_es&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://format-factory.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPcm9HTkpBqp2QZj2aTww2FLfdm3zjYWMMo5POJUcvsQmtOfzVzC7ji/Mf7QK08kALpu8S6LlUlLO5axyvN9liOfJdhxKCDn2t/.../cyJmBV zmXBQs0=

http://format-factory.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flqKMpqWklJg=

http://d.likelyaa.com/?ic_user_id=9289&data=3 YwhS oIHDtMt0OvaK2tMswU1o87Y4nf4Ym v6wNJwqZQ9xzCiMNAscZvTCaIVbgkvcjpFSfd1TsokXmsUVbZDvRQ919dNbZn7X//06L1hcPoQAyXlurqj7gHdCCebSTk07hdVGwG2Ewp6EYOoP/snn9l5T213z9QRQAbWyy25BcGOAZuBZTK/gov4Jmc41S8lON/0tF41LiFnorkdRtGPZORlWU1908K2dT/kHcosdMuVnphptLyXf9MOo0YSSFeN1 BkzD9RK9jCWGLZASgrMDY zb 3t0p1 rUdwl4j5cd9HzLN9hleWanXAQSPAykG6V/U3ZovudQu X2k oUzksf R8ygZGNa9yxNoUROWbjP56R44XLNjakODY3hqkEWoNWcYMJNZVqb7Ukt3UNg0zS9hyWcZptj2Dp2vhi1wNzG/HaCPHvCGLa0Y38YfalzkdQ3BvGRtSExBwqXvgmNpzmiTNHY/VdyFG7T87ufq8wDipDrpS8spYm6u ypYc1Z1OHSCIE S5YFW7DF7kmE0yNHIANvqZcuCgUy9fQrqOlMOewFFa8s6rlSO57GMe0S/fo9on4T1Rvaws yz4nStxb56VCK3QojtYe1hpoP7JF9s/xngu6tJVu2cVPED9qI54w8OmkwXghywr7cRKtJsBWdyFS5Vjjp8ZHEni6fr3pEpHoSLVsDqtooNdsdFe9D/EgQajCw/3bLM9HWIx16YlrW9jkn8yq3ySERvajOaGAZAXIlta80cHRXPOJhvgSzaFMtPk8Tq9hKhJ6k=&key=iBKIGyt8LnsjzYyp/.../M8ZOxVPxogCVLn9qAgoc7wPNusLvL9gXJ5 7q5dMHxigHeIuFdsWFlJ0ljHrdrZHQmW42wXJZRH64MZtngVL

http://filehippo.com/download/file/.../

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150121055913&nva=20150121180013&token=04e5613e38ad3926bee7a&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_it&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://61.222.3.60/f32ff021df92de143c33e2732e731a3b/softking/soft/cn/.../FFSetup3.5.0.0.exe

http://lb.cdn.m6web.fr/d/c/a/2a91d7d2b98b9589127ac601cff57bd4/54a04395/soft/.../formatfactory_3-5-0-0_fr_223920.exe

http://61.222.3.60/3abb34213f72d0f7c1ed1d6e5aad61e2/softking/soft/cn/.../FFSetup3.5.0.0.exe

http://61.222.3.60/f5bbc5783b491a800cc60e5c43e1a605/softking/soft/cn/.../FFSetup3.5.0.0.exe

http://format-factory.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flqKNoZ2hlpc=

http://format-factory.el.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flqGQoqOjlZY=

http://filehippo.com/download/file/.../

http://d.baixakifiles2.com/?ic_user_id=9289&data=Kz8TedFkG6UaraHVzPQ8I6VhOKsRafvysbF4gsFdOehhNNXYG2oFQ4W9kzIJ 4pO89lq0TrXwobOe /Zm4PJSotthr0uyRw3hC/wK9IKW5qBHC1Ll/wI3kdk7NfMPwmEvJV5aoI7LU3Df1DaXXrVobeJW1AwJ4ejjMv1Tprru83xJvD4wjGIoTt2a7ggFQNVq8gS1vwEHibyxHzWMdVe hg/mBMCR/E/DVPeYMLgZPi86DSkmoUd0Lq4bq9NelWsTzQIiexAwWiHt5ALMJv/nnIOzSEr6wUVIgSap4gIshO48jBrRaSFUvZmh61fEYK7X42uV6EoWTyBOsPgV4K3pmRB7w6LD59a1vFLuMz8hx dLg83 Sa 77DhD1lTjQJT8p9sQBPIpXz52 g3r0alfgnuIEqmdjWGcO0N7s80xJIbLCU aLiSGxlM1x6yOaxxCPl2fEyNlDHlDhG4uFaUsVyhV73sHxaufLmUf0dfTnMb4e3Aa4/hvE/piNm0 hV81oU4kyg3vxHg6ahAJaHAyI0wH7emDkNJ5xCli9lc8TUWZORG99uvpGj9QME84kTDi4OcODIfgPL8E7n59RBUzE1aidK86uarSBRJLMJdZ97CF1IHpRze0OiV9nMfFj6Q4Pm3KWLy MYXjxCGXiXoMkvu3Oo4r4pANdXScYXNkT0tITjNiz GuDWCAKWWaKjCfGOd6FHf76/Z80lVAGbwEAyn02t44 VbHA6e7nJPvo2z0fh32Q7N0TXWPLpt6p9SfpRxeCHKRul xXnvYuk=&key=gy9Cz3rOGMA66RpPFiqZNvtGGQ1/vkVVAD0RLAHQ6PB7MxaYCe7xb4M29zBRpR5/.../PCJOX6o9wgexGQwZvyiKU4HfKnetVLzUviAzn6VS2NLRb8yDGvaUQriPal2YPQij

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150114141334&nva=20150115021434&token=045db4dbdb99da62b8eec&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_en&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150114095834&nva=20150114215934&token=0cbe43ab0f61409434c86&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_en&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150124183907&nva=20150125064007&token=05708a033bd4e23c49197&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_es&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://filehippo.com/download/file/.../

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150115080806&nva=20150115200906&token=099c8833ead86ed3d31b1&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_nl&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://soft.telecharger.com/FFSetup3.5.0.0.exe

http://61.222.3.63/be371b59971984adce3a1c40da48fdd1/softking/soft/cn/.../FFSetup3.5.0.0.exe

http://61.222.3.60/b63d919f67bd1ecef0ec98a9e75375bc/softking/soft/cn/.../FFSetup3.5.0.0.exe

http://ftp-stahuj.centrum.cz/dl/3c74e3f4a3e40b2f66c0fc3fa09f925e/557f298d/stahuj/download/software/secured/f/format-factory/.../FFSetup3.5.0.0.exe

http://format-factory.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flqKJp6Cjkpc=

http://global-shared-files-l3.softonic.com/e3c/3c6/.../file?nvb=20150119114541&nva=20150119234641&token=065bb5c36c259e8ee5e95&SD_used=0&channel=WEB&fdh=yes&id_file=72054&instance=softonic_en&type=PROGRAM&filename=FFSetup3-5-0-0.exe

http://61.222.3.60/b1c1c0cb9857794d78a935bde60bffa6/softking/soft/cn/.../FFSetup3.5.0.0.exe

http://lb.cdn.m6web.fr/d/c/a/8cf61c6dde75c090d362165eef6fe50d/5566faf0/soft/.../formatfactory_3-5-0-0_fr_223920.exe

http://dl.cdn.chip.de/downloads/.../FFSetup3.5.0.0.exe

Latest 30 of 124 download URLs

Remove ffsetup3.5.0.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.