fgcn_102099.exe

Trend Media Corporation Limited

The executable fgcn_102099.exe, “Flashget(快车) 在线安装程序” has been detected as malware by 16 anti-virus scanners.
Publisher:
Flashget  (signed by Trend Media Corporation Limited)

Description:
Flashget(快车) 在线安装程序

Version:
1, 0, 0, 2

MD5:
6c03cc265ca8c031df2dae48a220e77c

SHA-1:
5d9e43522d828ab3db7f7a297ba35f6cc13d0a18

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
12/25/2024 3:57:01 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11684412
257

AegisLab AV Signature
Troj.Dropper.W32.Agent.lh3d
2.1.4+

AhnLab V3 Security
Trojan/Win32.HDC
2016.05.13

Avira AntiVirus
TR/Rogue.miiz
8.3.3.4

Arcabit
Trojan.Generic.DB24A3C
1.0.0.680

AVG
Generic35
2017.0.2735

Bitdefender
Trojan.Generic.11684412
1.0.20.715

Dr.Web
Trojan.DownLoader5.44865
9.0.1.0143

Emsisoft Anti-Malware
Trojan.Generic.11684412
8.16.05.22.12

F-Secure
Trojan.Generic.11684412
11.2016-22-05_1

G Data
Trojan.Generic.11684412
16.5.25

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.2.0.9.0

MicroWorld eScan
Trojan.Generic.11684412
17.0.0.429

nProtect
Trojan.Generic.11684412
16.05.12.01

ViRobot
Dropper.Shortcut.262192[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Genome.Win32.214646
2.0.0.2859

File size:
256.8 KB (262,976 bytes)

Product version:
1, 0, 0, 2

Copyright:
Copyright (C) 2009 FlashGet Inc.

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\fgcn_102099.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/27/2013 8:00:00 AM

Valid to:
8/27/2015 7:59:59 AM

Subject:
CN=Trend Media Corporation Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Trend Media Corporation Limited, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
143BB0A75FF3C3D020D68E2E1A32DA43

File PE Metadata
Compilation timestamp:
7/12/2010 4:57:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:q8k02IhE4dD0yPYTy4UHz/m2kg8zxkndcYC4Nx19/53eSB2:5PhE4BgeJHz+2yWdnC4x19/he5

Entry address:
0xA56D0

Entry point:
60, BE, 00, 80, 46, 00, 8D, BE, 00, 90, F9, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.9023

Packer / compiler:
UPX 2.90LZMA

Code size:
248 KB (253,952 bytes)

Windows Firewall Allowed Program
Name:
C:\Documents and Settings\Administrator\Application Data\fgcn_102099.exe


Remove fgcn_102099.exe - Powered by Reason Core Security