fmolsvr.exe

Yulong Xie

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FMOL2_svr_201412040825’.
Publisher:
速加程序加速  (signed by Yulong Xie)

Product:
速加程序加速

Version:
1.1.2.15

MD5:
11526095c405e133f0fc678fabef7799

SHA-1:
8f183b85c820c3757b55aee9fbf1da09f18900b5

SHA-256:
838b6b6821460aed5e903c03ffb827b6b9a65c5fa9b062eddc58c6977fbc5db9

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
1/1/2025 8:16:34 AM UTC

Scan engine:
ESET NOD32

Detection:
Win32/WuJi (variant)

Engine version:
8.10816

File size:
693.2 KB (709,792 bytes)

Product version:
1.1.2.1115

Copyright:
2014年程序

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\fmol_201412040825\201412040825\fmolsvr.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
11/13/2014 4:54:51 AM

Valid to:
11/13/2015 4:54:51 AM

Subject:
CN=Yulong Xie, L=Tengxian, S=Guangxi Zhuangzu Zizhiqu, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3CCBA4D87FD47563CB4217984FC82331

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:IFZ/IfXFXnNoWz6JOyZHdHGCliOnJEcpuJmLvUaowYRrM81tYRHyD9zyM8uP3qfW:IL/IfV9oWG19mClikEcplAv751tNB/82

Entry address:
0x1F681F

Entry point:
68, 56, FE, FE, 3D, E8, B3, C9, 01, 00, A0, BD, E9, 4E, F9, A5, FB, B7, F5, BB, F5, 9E, E8, 4F, C1, C6, 71, C2, 38, 67, F8, 91, DA, F8, 98, 82, 82, 88, E8, 96, D6, 96, EE, 43, CD, 18, 77, 25, 12, F8, E2, B2, B2, 72, 44, B9, 33, 3D, CC, A4, 05, 8D, FB, F5, 39, 81, F3, BF, FF, A1, 00, 00, 52, 65, 67, 46, 6C, 75, 73, 68, 4B, 65, 79, 00, 3A, F4, AA, D0, 82, E4, A6, C2, 65, EF, 68, 06, 63, D8, FE, AA, 17, FF, 33, 0C, 62, D4, 81, E0, 96, EA, 67, 2B, 1E, 91, 43, C8, 9A, 1F, 89, FD, E9, C1, C5, 89, D1, 70, AE, A1...
 

Entropy:
7.9037  (probably packed)

Code size:
2.1 MB (2,176,512 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FMOL2_svr_201412040825

Command:
"C:\Program Files\fmol_201412040825\201412040825\fmolsvr.exe" -mini

