fg739p.exe

Dynamic Internet Technology Inc.

This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Vqiooiqw’. The file has been seen being downloaded from download1584.mediafire.com and multiple other hosts.
Publisher:
Dynamic Internet Technology, Inc.  (signed by Dynamic Internet Technology Inc.)

Description:
Fast and Secure Gateway to Internet Freedom

Version:
7, 3, 9, 0

MD5:
d28a988c344080c31493a1eb204a75a5

SHA-1:
90e70b367a541f09d1bdeb779a0e5f7302850e3b

SHA-256:
50dab54d94e8312b9a71b57329247cdf46696c1e6a2831242439271eec4f2da6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 1:57:14 PM UTC

File size:
2.8 MB (2,890,520 bytes)

Product version:
0, 0, 0, 0

Copyright:
Copyright (C) 2003-2010

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\fg739p.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/27/2010 11:11:22 PM

Valid to:
7/27/2013 11:11:17 PM

Subject:
CN=Dynamic Internet Technology Inc., O=Dynamic Internet Technology Inc., C=US

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012A154E407D

File PE Metadata
Compilation timestamp:
2/7/2013 6:25:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:GczHdI1gENiQ291UJznNmJ2mmyerYljRQ/8kHcjFK+Qfp9Nx7+QcpmQeVNG:GA2gEN4918zNdmmygYlC/8kHMFG5J1QC

Entry address:
0xA9FD3

Entry point:
52, BA, 64, 00, 00, 00, 85, D2, 74, 1D, B9, 00, 10, 00, 00, 85, C9, 74, 07, 01, C8, 01, D8, 49, EB, F5, 52, 54, 54, FF, 15, 33, 40, 5D, 00, 5A, 4A, EB, DF, 5A, E9, 00, 70, 54, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 06, 00, C8, 11, 00, 80, 48, 00, 00, 80, 03, 00, 00, 00, 78, 00, 00, 80, 04, 00, 00, 00, D8, 00, 00, 80, 05, 00, 00, 00, F0, 00, 00, 80, 06, 00, 00, 00, C0, 01, 00, 80, 0E, 00, 00, 00, 90, 02, 00, 80, 10, 00, 00, 00, B8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8708  (probably packed)

Code size:
1.1 MB (1,187,840 bytes)

2 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Vqiooiqw

Command:
C:\fg739p.exe

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Myimgeys

Command:
C:\users\{user}\desktop\fg739p\fg739p.exe


3 Windows Firewall Allowed Programs
Name:
F:\mojtaba\program for pc\fg739p.exe

Name:
C:\Documents and Settings\elly\Desktop\optimizer\fg739p.exe

Name:
C:\Documents and Settings\habib\Desktop\oder\92\fg739p.exe


The file fg739p.exe has been discovered within the following programs.

Angry Birds Rio  by Rovio
Publisher's description - “In Angry Birds Rio, the original Angry Birds are kidnapped and taken to the magical city of Rio de Janeiro, where they eventually escape their captors and set out to save their friends, Blu and Jewel – two rare macaws and the stars of the hit motion picture, Rio.”
www.rovio.com
9% remove it
Cloob Messenger  by cloob.com
Cloob Messenger bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar. Once accepted, the packaged executable, ConduitInstaller.
www.cloob.com/etc/messenger
About 10% of users remove it
Eye Pro  by Classle Soft
www.classlesoft.in/eye-pro
9% remove it
JvD Calendar  by JvD Soft
www.jvdsoft.blogfa.com
About 3% of users remove it
 
Powered by Should I Remove It?

The file fg739p.exe has been seen being distributed by the following 3 URLs.

http://download1584.mediafire.com/wd8wo2uq2f7g/.../fg739p.exe

https://ia601703.us.archive.org/35/items/.../fg739p.exe
