fg731p.exe

Dynamic Internet Technology Inc.

This is a setup program used to install the application. It is configured to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘Eighurvm’. The file has been observed being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Dynamic Internet Technology, Inc.  (signed by Dynamic Internet Technology Inc.)

Description:
Fast and Secure Gateway to Internet Freedom

Version:
7, 3, 1, 0

MD5:
cde7c90d6dc6b34cbedcacdf2311a6c8

SHA-1:
a1f793feab784f23ea4fcc675390f9b78da04d41

SHA-256:
bad2f3cfa46a423e3ffa4c208ed3f931cc5921e6ebc7b634b12d59bfa8d233b6

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/16/2024 3:44:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Freegate.B potentially unsafe application | 8.0.319.0 |
| Kaspersky | not-a-virus:NetTool.Win32.Proxy | 15.0.0.562 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14131 |

File size:
1.8 MB (1,841,944 bytes)

Product version:
0, 0, 0, 0

Copyright:
Copyright (C) 2003-2010

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/27/2010 11:11:22 PM

Valid to:
7/27/2013 11:11:17 PM

Subject:
CN=Dynamic Internet Technology Inc., O=Dynamic Internet Technology Inc., C=US

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012A154E407D

File PE Metadata
Compilation timestamp:
7/10/2012 12:18:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:v1FFcJ1wgidWi+yEnzWUFY/lJWkaRmjNXV:dY0NAisqUF8j2uNX

Entry address:
0x51FD3

Entry point:
52, BA, 64, 00, 00, 00, 85, D2, 74, 1D, B9, 00, 10, 00, 00, 85, C9, 74, 07, 01, C8, 01, D8, 49, EB, F5, 52, 54, 54, FF, 15, 33, 00, 54, 00, 5A, 4A, EB, DF, 5A, E9, 00, 20, 3A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 06, 00, 28, 12, 00, 80, 48, 00, 00, 80, 03, 00, 00, 00, 88, 00, 00, 80, 04, 00, 00, 00, E0, 00, 00, 80, 05, 00, 00, 00, F8, 00, 00, 80, 06, 00, 00, 00, D0, 01, 00, 80, 0E, 00, 00, 00, A0, 02, 00, 80, 10, 00, 00, 00, C8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9138  (probably packed)

Code size:
612 KB (626,688 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Eighurvm

Command:
C:\users\{user}\desktop\fg731p.exe\fg731p.exe


Windows Firewall Allowed Program
Name:
E:\papers&books\unFilter\fg\fg731p.exe


The file fg731p.exe has been discovered within the following programs.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
Cloob Messenger  by cloob.com
Cloob Messenger bundles a branded version of the Conduit Toolbar, which delivers search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar. Once accepted, the packaged executable, ConduitInstaller.
www.cloob.com/etc/messenger
About 10% of users remove it
 

The file fg731p.exe has been seen being distributed by the following 50 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to 36-227-221-75.dynamic-ip.hinet.net  (36.227.221.75:2722)

TCP:
Connects to 124-11-170-198.static.tfn.net.tw  (124.11.170.198:4888)
