ffsetup3.7.0.0.exe

Format Factory

chen jun hao

The application ffsetup3.7.0.0.exe, “Format Factory Video/Audio/Picture Converter” by chen jun hao has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from filehippo.com and multiple other hosts.
Publisher:
Free Time  (signed by chen jun hao)

Product:
Format Factory

Description:
Format Factory Video/Audio/Picture Converter

Version:
3.7.0.0

MD5:
1560f8bd4a8ce4345ed71dfd97667bb7

SHA-1:
0dd4f76aded318d44a68d721964ae77bcf8dd704

SHA-256:
3be44acd587864cae7f872435407ad21ac908add927c5a69e89c242093f29222

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
11/27/2024 8:19:36 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask.G potentially unsafe (variant)
9.11953

Fortinet FortiGate
Riskware/Ask
7/17/2015

Reason Heuristics
PUP.chenjunhao.Installer (M)
15.7.17.6

File size:
51.9 MB (54,458,464 bytes)

Product version:
3.7.0.0

Copyright:
Free Time

Trademarks:
Format Factory Application is a trademark of FreeTime

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ffsetup3.7.0.0.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/25/2013 10:09:13 AM

Valid to:
6/25/2016 10:09:13 AM

Subject:
CN=chen jun hao, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F9DDE67138EA8C52C9F6F1901954DE8

File PE Metadata
Compilation timestamp:
12/17/2013 6:46:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
786432:RiGGrV30PeNWXZEVak7WDqwGXNxZk6d9TvciElp/qJnGHVYOb/fctqv0AU7SskH:cf0PeNlYDqwGXbe6rolery/PnYSsU

Entry address:
0x3A0A

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, DB, 5E, 89, 5C, 24, 18, C7, 44, 24, 10, 40, A2, 40, 00, 89, 5C, 24, 14, FF, 15, 90, 90, 40, 00, 89, 44, 24, 1C, FF, 15, 34, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 53, FF, 15, 30, 93, 40, 00, 6A, 08, A3, B8, 3E, 47, 00, E8, 2B, 2A, 00, 00, 53, 68, B4, 02, 00, 00, A3, D0, 3D, 47, 00, 8D, 44, 24, 3C, 50, 53, 68, 84, A3, 40, 00, FF, 15, A4, 91, 40, 00, 68, 6C, A3, 40, 00, 68, C0, BD, 46, 00, E8, 0D, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
30.5 KB (31,232 bytes)

The file ffsetup3.7.0.0.exe has been seen being distributed by the following 50 URLs.

http://filehippo.com/es/download/file/.../

http://ftp-stahuj.centrum.cz/dl/4db8cc7cb153d9ccb0d2db9ca6640348/567fa0bd/stahuj/download/software/secured/f/format-factory/.../FFSetup3.7.0.0.exe

http://dc432.4shared.com/download/.../FormatFactorySetup3700.exe

http://ftp-stahuj.centrum.cz/dl/586d8874a85a491eaf85998996f48721/569a57f0/stahuj/download/software/secured/f/format-factory/.../FFSetup3.7.0.0.exe

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://www.filehorse.com/download/file/.../

http://files.instaluj.cz/dwl/a5286959b3042eef8991353d5c746827/audio-video/prevody-audio-formatu/format-factory/.../FFSetup3.7.0.0.exe

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://share2.earthlinktele.com/download.aspx?file=1856555391&sig=MjYvMDIvMjAxNiAyMzo1MDo0MA==

http://filehippo.com/download/file/.../

http://factoty.ru.z92527cf.bget.ru/81bc912abc814df3/get.php?url=http://.../FFSetup.exe&name=FFSetup.exe

http://download1031.mediafire.com/10e9mbbrqdig/.../FFSetup3.7.0.0.exe

https://besplatnyeprogrammy.net/multimedia/konvertery/.../download

http://ftp-stahuj.centrum.cz/dl/49945b3159f867019a7cf6bab779ff28/56025a50/stahuj/download/software/secured/f/format-factory/.../FFSetup3.7.0.0.exe

http://filehippo.com/es/download/file/.../

http://filehippo.com/download/file/.../

http://www.edownload.cz/sw/format-factory/download/.../

http://lb.cdn.m6web.fr/d/c/a/0fdf6f94f23c2578a8d701a5f858ab86/55b68f59/soft/.../formatfactory_3-5-0-0_fr_223920.exe

http://filehippo.com/download/file/.../

http://www.slunecnice.cz/sw/format-factory/stahnout/28889/.../?md5=YXjidL8N0DZjIVnLl55s3Q&expires=1438958542

http://filehippo.com/download/file/.../

http://bezprogramm.net/.../download.php?id=218

http://ftp-stahuj.centrum.cz/dl/e0cf0a5127094acc53b76c64cefaa3a9/568b553f/stahuj/download/software/secured/f/format-factory/.../FFSetup3.7.0.0.exe

http://filehippo.com/download/file/.../

http://dw.html.it/index.php?softname=FFSetup3.7.0.0.exe&code=1439980806&q=ODk3OTV8Zm9ybWF0LWZhY3RvcnktMTM=

http://filehippo.com/download/file/.../

Latest 30 of 81 download URLs

Remove ffsetup3.7.0.0.exe - Powered by Reason Core Security