flipalbum-pro.exe

E-Book Systems Inc.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.funcentralnew.com and multiple other hosts.
Publisher:
E-Book Systems Inc.  (signed and verified)

MD5:
2c60fc8f5f8bc3d32bcc3fd34a3d379d

SHA-1:
c3a972a2146523f57f3ed6a1d0385799504405b7

SHA-256:
eec7595225e18a93207bd72c7f9c6d578c12b438b69d2c6186664780f318f4db

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 7:57:21 PM UTC  (today)

File size:
18.2 MB (19,134,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flipalbum-pro.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/18/2006 2:00:00 AM

Valid to:
10/16/2008 1:59:59 AM

Subject:
CN=E-Book Systems Inc., OU=SECURE APPLICATION DEVELOPMENT, O=E-Book Systems Inc., L=Santa Clara, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
348BB39A413176C89A29EE221DB1118D

File PE Metadata
Compilation timestamp:
9/29/2007 2:50:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:0tl0Ugo/c7Fo7QU+XjGqishWyORFBsw4n+av6B7YQSXX6R5DfAGkKp:xUgo/2nU5qiAWy2FB+vepSXUN/p

Entry address:
0x30F3

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, C8, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, D8, EC, 42, 00, E8, D4, 2A, 00, 00, A3, 24, EC, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 40, 90, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, 20, E4, 42, 00, E8, 8B, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 79, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flipalbum-pro.exe has been seen being distributed by the following 20 URLs.

http://www.funcentralnew.com/iEU8QBDaQXf1i 2oDyIeIS7Y7hhv7Qi2pbCqivG7Z4XnIDcGr3rwYtI7vb8YE30IHl7MilTYWVxFn80wqcWRp6rOusqtAgrRczri8EDBbuTD5r4O1DwAfQGaVascLnHHShvjJRGEj 12RdunMCBVJ25uSGiEs25FIXQoY_BFdZjxw5_3yRO1vs0RJbTgH0xGePEXn1ZF1QgD4OKDUZ4vG1AM4_AOyw==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA

http://www.funcentralnew.com/jI1 yQKnUz3mu0Rkb4BoZiijz3J5PjH3UdBuDg67febjblWV3kT2ZtCSJ5ME4sW5V1LPInW2UvhcnPQmR fsIXtS4qWkLd f5aEiGhdrXtNnxvukcfiVeAuZP0OwaEdd5DoYir BPG3PkxjbN3Esh7WgO5MLEwo taPE4CTuNQ42cMqT5rKZwQt9VFshYa_SEtKAqn8lJrCjNFvOWvs8kfK6EPAOKLeBOmPLcni3aOzTvSl1AC0rV6zVo2sTO1hqgaEC0eOJT4t25Zz7iTlZGfKJEpt3hZjUiJ1bRLq5aeUTYXSLtwzG4kzfC7XaXtn5 xRSRrnmkSoNXVKrBgLz9Pr0DNC3cN ulyZSx_1TmTTMHQ2F_SoDmI 6Ug2iwd23wCuOSw3gp9 hksSrtfB2ehW0thd3TcSZD8Gfh0pdUfLR5OlCLOQDVWJslHFHmLdtgegb65XEkz6a9FJE6AJ664T6vo BoA==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA-e

http://www.funcentralnew.com/D2_5DbonhWm_oG88PRyuXTTjDanYGyYwaMqfoPYVz5qvnx_PG21H63_ofPjFuqWlSfCLTbKVHpk4xafHwfZi2yBRpWFC505SqMY2 qTDPnOLXM8v_Iow08H3T6SOWEYyKBTlq6xn3Zim ip6z_LNmCRiRPgdxJN__doS2sEe2LZrRDW7J9CYBNoWjKeZmeK25ZVTT7p4uZmxcwtfBBqJJ3qegUIFIw==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA

http://www.funcentralnew.com/f4rzvKvAf67omRvEPKqY0QKDp4_Qok4Sssw25Na6yiVh8qkP_ByTsK_mtoBbX0VFnPV3ZSaGzipM XoLrv DXh_d8GVJCO 3dlOm OAr9W6BExMLRyt0kxuEB588wRmclWe7tcPh1JaTpsHn9FR2_1Nhj6QlPJL4gb7mal99TjsxQT3BaUek4qoyHDYI9cEeTO711yMSw X_mYsrlv9frHlxRdqr7A==-GxQAAKRdxtretCCEFCKK5DqwG4Nvu_EA

http://ec.ccm2.net/es.ccm.net/download/.../fapvseval-1.exe

http://www.downloadpresentcity.com/PR9QTbqLSZxSmCy0BkehwRxnHuer0DvWgTnFDuzqleC0_y2WqUyGtbvKPwPoMD3GYCuZy0UXiGfy3cRdtKrTOLnYoN_SqWh3lvSjWpay2pgKTY8_O83_yMeIMOcJnDi_VGV3GGELrYupjCQw VS Ip8pnr6KMKGTBIdMi4PpGKGFBfXiEicfjurdZugNlHvWYkh7voZMVlUR 6qbN9CVjhINqjd9oQ==-Gx0DAGR4t9GPAxdE3s9HRC2i0qUwkQP2thhiPom9Nw48WWPkZxGY2 sY8744n0e_470WZQLHyCV0dSOFSMUq54eKpo7ALOw4ld6SERCRTvjkC00jtvq23NzN3xYg3tHiuFQ_KJJtRrDMO6Ednx0Y2hBjl7tXKHbtr_chya2tisJNPyX3BqzEKY HjoZnJUJscn2pK29D7dniYjfUkIUcshNDS2Rhxi4uA_YOuHPlZCTVylYx 0JUG uFYTTPLZrg0cfzscaO0p_IU2s2nQV1srINyxpQzslMv80qJexyqOYUoz1THvXD6Q4rWNkh_zGhvvGND9QcXcJ9Jazdm19nx25RedBXUt h8iIw0H2GGNu7KOBebWhjTYmOaThpadqKC7RWw0Zq52HmkVOo0rwPpY5PrZ0O224O7Seegjd7qcYMnYa51TV7YMmUTuG9eehoCbOlXN7LrZDPRBnfYd_I tKKsd0MXJKeT6dZKALVOq4v6iTs4CJnJuwa3xf9PQ8iMGj5aTFRtVhr8I3GtcTzGBR0pVQzmBMHA644mnr4nONqO1b0Jca Y6ZHaUziQLVVtxG8lO_3sA844Fpes9dBLWF7lBdutK07ej ZhuR7yYJQreDfxlPg1Nn3uedn7O 7NknFHR9u70pl7IzIBymdwA2Su2QVtIBZhNn9icMvlcwvcYK5M3mhm0Wcrwrtg4 bXpelX1fdkLk_MiF5QO fEmIAYPjwS_0srELs

http://www.factoryheadcentral.com/c?x=bP2YCw/O52r m6adhaEqjII01q2d5NC3Wy/uGjUB6C0=&c=s/rV QffqS4Mo3pb9IMJYpryffKtEF8rmWsq CqaiIU3IER9gCF/RaqZjMYM5e06e VNzag50Z vTiFRdTQsf0gk TysIIwW/qiy9g4cyVTdcnm6l1/CRkrKrjxNJOec6akqh6eSExhMCCCYNKlq2i/cxeAllz cJf0qxmQfjro=&e=0&downloadAs=flipalbum-vista-pro-6.0.exe&fallback_url=http://pf.benjaminstrahs.com/s/1467180766/en/7/.../79777-75748-flipalbum-vista-pro.exe

http://download.findmysoft.com/2012/08/.../FlipAlbum-Pro_5.5.exe

Scan flipalbum-pro.exe - Powered by Reason Core Security