fontmanager.exe

FontManager

ROSTPEI LTD

The application fontmanager.exe by ROSTPEI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named AZFontsManagerUACDisablingTask. This file is typically installed with the program AZFonts Font Manager by ROSTPAY LTD. While running, it connects to the Internet address server10.ext.freeteam.org on port 80 using the HTTP protocol.
Publisher:
ROSTPAY LTD  (signed by ROSTPEI LTD)

Product:
FontManager

Version:
1.0.0.1236

MD5:
9297893568c19d4dcdfb43786905fedc

SHA-1:
3a1442604975bffca918d40783e2f157949eb21e

SHA-256:
3b8ff25afae56c829365dc98bee2b9b0f9ef0c14b3a2e01569dbc8f5a285c60a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 8:14:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog (M)

Engine version:
16.12.15.6

File size:
1.1 MB (1,107,104 bytes)

Product version:
1.0.0.1236

Copyright:
ROSTPAY LTD. All rights reserved.

Original file name:
fontmanager.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\azfonts\font manager\fontmanager.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2016 5:30:00 AM

Valid to:
8/27/2019 5:29:59 AM

Subject:
CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET="str. Dolomanovsky, 70D, office 1001", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
57F3D607DA7727B586CD4AFC0D5D8D37

File PE Metadata
Compilation timestamp:
7/11/2016 6:23:37 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xA5FE0

Entry point:
E8, 1C, 08, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 87, 4D, 00, E8, 1A, 05, 00, 00, 33, F6, 89, 75, E4, 89, 75, E0, FF, 15, E8, E0, 4A, 00, 0F, B7, D8, 89, 75, FC, 64, A1, 18, 00, 00, 00, 8B, 50, 04, 8B, FE, BE, F4, 7D, 4E, 00, 8B, CA, 33, C0, F0, 0F, B1, 0E, 85, C0, 74, 0B, 3B, C2, 75, F0, 33, F6, 46, 8B, FE, EB, 03, 33, F6, 46, 39, 35, F8, 7D, 4E, 00, 75, 0A, 6A, 1F, E8, 73, 06, 00, 00, 59, EB, 3B, 83, 3D, F8, 7D, 4E, 00, 00, 75, 2C, 89, 35, F8, 7D, 4E, 00, 68, 08, F1, 4A, 00, 68, F8, F0, 4A, 00, E8...

Entropy:
6.6518

Code size:
690 KB (706,560 bytes)

Scheduled Task
Task name:
AZFontsManagerUACDisablingTask
The file fontmanager.exe has been discovered within the following program.

AZFonts Font Manager  by ROSTPAY LTD
About 7% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server10.ext.freeteam.org  (46.46.160.235:80)
