» fg737p.exe
Overview
Analysis
File Details
Behaviors (2)
Programs (1)
Downloads (4)

fg737p.exe

Dynamic Internet Technology Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from d1ob5g40gc5b6g.cloudfront.net and multiple other hosts.

File name:

fg737p.exe

Publisher:

Dynamic Internet Technology, Inc. (signed by Dynamic Internet Technology Inc.)

Description:

Fast and Secure Gateway to Internet Freedom

Version:

7, 3, 7, 0

MD5:

20338c3a4c4b989d09e152794dadcf92

SHA-1:

3db324a395b9bd26249ee19624a584d1067c8901

SHA-256:

99479f03766c9b36e9dcf106a34bfa1018fa62466ba286da7e37b3b35b4f0e0e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 7:52:49 PM UTC (today)

File size:

2.4 MB (2,513,688 bytes)

Product version:

0, 0, 0, 0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\fg737p.exe

Digital Signature

Signed by:

Dynamic Internet Technology Inc.

Authority:

GlobalSign nv-sa

Valid from:

7/27/2010 11:11:22 PM

Valid to:

7/27/2013 11:11:17 PM

Subject:

CN=Dynamic Internet Technology Inc., O=Dynamic Internet Technology Inc., C=US

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012A154E407D

File PE Metadata

Compilation timestamp:

11/18/2012 8:31:35 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:cPG6W0PoE6j4sE9HM2lkpFU1sAjAurYMtBDvlfYCPy9UqY:UBW482lkpF1iPksxfYCkUq

Entry address:

0x53FD3

Entry point:

52, BA, 64, 00, 00, 00, 85, D2, 74, 1D, B9, 00, 10, 00, 00, 85, C9, 74, 07, 01, C8, 01, D8, 49, EB, F5, 52, 54, 54, FF, 15, 33, 60, 54, 00, 5A, 4A, EB, DF, 5A, E9, 00, D0, 4B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 06, 00, 58, 12, 00, 80, 48, 00, 00, 80, 03, 00, 00, 00, 88, 00, 00, 80, 04, 00, 00, 00, E8, 00, 00, 80, 05, 00, 00, 00, 00, 01, 00, 80, 06, 00, 00, 00, D8, 01, 00, 80, 0E, 00, 00, 00, A8, 02, 00, 80, 10, 00, 00, 00, D0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8443 (probably packed)

Code size:

632 KB (647,168 bytes)

2 Windows Firewall Allowed Programs

Name:

D:\Documents and Settings\CD CITY\Desktop\filtershkn\fg737p.exe

Name:

C:\Documents and Settings\elly\Desktop\optimizer\fg737p.exe

The file fg737p.exe has been discovered within the following program.

JvD Calendar by JvD Soft

www.jvdsoft.blogfa.com

About 3% of users remove it

The file fg737p.exe has been seen being distributed by the following 4 URLs.

https://d1ob5g40gc5b6g.cloudfront.net/41/403838/.../fg737p.exe

http://bayanbox.ir/download/.../fg737p.exe

http://files.static.softfinder.com/programs/13/c2/1a/fe/5f/53/01/73/5d/93/14/b6/7e/92/32/.../fg737p.exe

http://s1.picofile.com/file/.../fg737p.exe.html

Scan fg737p.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.