fmpcheckforupdates.exe

Bitberry Software

The application fmpcheckforupdates.exe, “Bitberry Software Update Checker” by Bitberry Software has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Additionally, the file is typically installed by a number of programs including Final Media Player 2012 by Bitberry Software and FinalTorrent 2012 by Bitberry Software, both potentially unwanted software. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Bitberry Software  (signed and verified)

Description:
Bitberry Software Update Checker

Version:
2011.2.5.0

MD5:
1525a7963b53a6741b67e075b32cf9b8

SHA-1:
0a464522f9bb8547b6796a0cfe078221407b211e

SHA-256:
2eb92291c38be7b7c4cdc2ec18edc2e48a8c28f0732fb29bef4e746c0316bdec

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/27/2024 1:38:21 AM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Task.BitberrySoftware.S
188163

Reason Heuristics
PUP.Bitberry
15.4.21.13

Vba32 AntiVirus
Signed-Adware.InstallCore
3.12.24.3

File size:
1.5 MB (1,560,792 bytes)

Product version:
2011.2.5.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\finalmediaplayer\fmpcheckforupdates.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
11/1/2010 1:00:00 AM

Valid to:
11/1/2013 12:59:59 AM

Subject:
CN=Bitberry Software, O=Bitberry Software, STREET=Blomsterhaven 42, L=Holbaek, S=n/a, PostalCode=4300, C=DK

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00BFCE655DC312403F105230416ACDF5B3

File PE Metadata
Compilation timestamp:
3/11/2011 2:24:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:cVpy/vxszP25vSNbQ0Mjyh0T02V+i4sxAF6sVlucFT7tHf1vB9v:cVEt6MjPT04jdWTZHfT9

Entry address:
0x1678

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 8C, 10, 4F, 00, A1, 7F, 10, 4F, 00, C1, E0, 02, A3, 83, 10, 4F, 00, 52, 6A, 00, E8, 23, EC, 0E, 00, 8B, D0, E8, 5A, FE, 0D, 00, 5A, E8, 7C, FD, 0D, 00, E8, 8F, FE, 0D, 00, 6A, 00, E8, 64, 0F, 0E, 00, 59, 68, 28, 10, 4F, 00, 6A, 00, E8, FD, EB, 0E, 00, A3, 87, 10, 4F, 00, 6A, 00, E9, A3, 99, 0E, 00, E9, 96, 0F, 0E, 00, 33, C0, A0, 71, 10, 4F, 00, C3, A1, 87, 10, 4F, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, E4, 00, 00, 00, 0B, C9...
 
[+]

Code size:
960 KB (983,040 bytes)

2 Scheduled Tasks
Task name:
Final Media Player Update Checker

Trigger:
Logon (Runs on logon)

Task name:
FinalTorrent Update Checker

Trigger:
Logon (Runs on logon)


The file fmpcheckforupdates.exe has been discovered within the following programs.

Final Media Player 2011  by Bitberry Software
This software will install various bundled potentially unwanted programs via the InstallIQ distribution system. It will also modify system settings.
www.bitberry.com
56% remove it
Final Media Player 2012  by Bitberry Software
Final Media Player will modify system settings upon installation, making Final Media Player the default viewer application for supported file types that do not already have a default viewer application associated.
72% remove it
FinalTorrent 2011  by Bitberry Software
Publisher's description - “FinalTorrent is all about ease of use. With FinalTorrent, even novice users can find and download movies, music and software to their PC. FinalTorrent integrates with your web browser so your download starts automatically when clicking a .torrent link.”
www.FinalTorrent.com
50% remove it
FinalTorrent 2012  by Bitberry Software
50% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (162.210.196.7:80)

Remove fmpcheckforupdates.exe - Powered by Reason Core Security