format-factory.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from doc-0k-90-docs.googleusercontent.com and multiple other hosts.
MD5:
3e4f11818976eaa9e897cca83a3adf6d

SHA-1:
f43a66f5ac79276a3e27467d5dd100ddcfa61891

SHA-256:
2056cf412e21c77dbf7ba0d852ebd03c3394fef0115a2d860bf530a254e9794b

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 2:41:27 AM UTC  (today)

Scan engine
Detection
Engine version

K7 AntiVirus
Unwanted-Program
13.175.10735

Kaspersky
not-a-virus:AdWare.Win32.Hao123
14.0.0.4584

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.131220

ViRobot
Dropper.Agent.135540
2011.4.7.4223

File size:
51 MB (53,466,540 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\format-factory.exe

File PE Metadata
Compilation timestamp:
6/18/2009 2:33:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:OXcQGRB8CnoTxeg5kPc8ouhMB+VqBFtD+:OkR2Cnol95nnx0

Entry address:
0x3291

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, BA, 2C, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, 80, 36, 42, 00, E8, 43, 29, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 31, 29, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file format-factory.exe has been discovered within the following programs.

FormatFactory 2.95  by Free Time
FormatFactory is an ad-supported freeware multimedia converter that can convert video, audio, and picture files. It is also capable of ripping DVDs and CDs to other file formats, as well as creating .iso images. It can also join multiple video files together into one.
www.pcfreetime.com
24% remove it
iTunes  by Apple Inc.
Apple's iTunes is a proprietary media player computer program, used for playing and organizing digital music and video files on desktop computers. It can also manage contents on iPod, iPhone and iPad.
www.apple.com/itunes
9% remove it
 
Powered by Should I Remove It?

The file format-factory.exe has been seen being distributed by the following 15 URLs.

https://doc-0k-90-docs.googleusercontent.com/docs/securesc/828u7d2knauoi77rappf038u5gmqq81b/s6tk5jtn314bctanfr0keplubhe2at5m/1482156000000/06881904921025053749/.../0BxWqdYK1P3t0aGpncy05LW9YN3M?e=download

https://docs.google.com/a/.../uc?export=download&confirm=FPlN&id=0B1QdPev4Vl9_UnAtcC0wdkdTN3M

https://docs.google.com/a/.../uc?export=download&confirm=1eKU&id=0B1QdPev4Vl9_UnAtcC0wdkdTN3M

http://fileshare1160.depositfiles.org/auth-143425232440192d8ace69ea196dbff7-187.22.100.13-2123558293-133124136-guest/.../FFSetup3.0.1.exe

temp:FormatFactorySetup3.0.1 by TriCKuS.exe

temp:FFSetup3.0.1.exe

http://146.185.26.220/FFSetup3.0.1.exe

http://69.4.238.159/FFSetup3.0.1.exe

Scan format-factory.exe - Powered by Reason Core Security