» fpthook.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

fpthook.exe

The executable fpthook.exe has been detected as malware by 12 anti-virus scanners. This is a setup program which is used to install the application. This file is typically installed with the program Warface by Mail.Ru. The file has been seen being downloaded from docviewer.yandex.com.

File name:

fpthook.exe

MD5:

7b95993124e9433d755a2b52d4b93014

SHA-1:

19e12bb4a8fb545ceada5b77f677d24911ab9609

SHA-256:

cc4d9e37078f5b48d4d230009b4398959669070a4d914648966ab408d9948dc0

Scanner detections:

12 / 68

Status:

Malware

Analysis date:

11/2/2024 9:29:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11505090

921

Avira AntiVirus

TR/Hijacker.Gen

7.11.163.142

Bitdefender

Trojan.Generic.11505090

1.0.20.1045

Comodo Security

UnclassifiedMalware

18946

Emsisoft Anti-Malware

Trojan.Generic.11505090

8.14.07.28.02

F-Secure

Trojan.Generic.11505090

11.2014-28-07_2

G Data

Trojan.Generic.11505090

14.7.24

IKARUS anti.virus

Trojan.Hijacker

t3scan.1.6.1.0

K7 AntiVirus

Riskware

13.181.12806

McAfee

Artemis!7B95993124E9

5600.7055

MicroWorld eScan

Trojan.Generic.11505090

15.0.0.627

Rising Antivirus

PE:Trojan.Win32.Generic.13554390!324354960

23.00.65.14726

File size:

45 KB (46,080 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

6/20/1992 4:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.25

CTPH (ssdeep):

768:my3qKbQTicw0/KU0Y7IltlcrPJnt9EvmEJnffHmf0CKWnFpnrotWMmH6k28x:x3qKbQTiPk8blO8vt/CK6FO3m6kHx

Entry address:

0x905C

Entry point:

55, 8B, EC, B9, 06, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, A1, B0, A3, 40, 00, C6, 00, 01, B8, 14, 90, 40, 00, E8, FF, BD, FF, FF, 33, C0, 55, 68, 4D, 92, 40, 00, 64, FF, 30, 64, 89, 20, A1, 04, A3, 40, 00, BA, 64, 92, 40, 00, E8, 9E, B1, FF, FF, E8, 35, 9E, FF, FF, E8, 88, 95, FF, FF, B8, B8, 92, 40, 00, E8, 66, FA, FF, FF, 84, C0, 74, 17, 8D, 45, EC, E8, 42, FB, FF, FF, 8B, 55, EC, B8, E0, B7, 40, 00, E8, A1, AC, FF, FF, EB, 15, 8D, 45, E8, E8, C3, FB, FF, FF, 8B, 55, E8, B8, E0, B7, 40, 00, E8, 8A, AC... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

33 KB (33,792 bytes)

The file fpthook.exe has been discovered within the following program.

Warface by Mail.Ru

Warface is an online browser based free-to-play first-person shooter. The game is exclusive to the PC and is powered by CryEngine 3. This game is currently in an open beta stage on Mail.Ru's game client in Russia.

wf.mail.ru/register?site_id=1_880_69112_0

About 2% of users remove it

The file fpthook.exe has been seen being distributed by the following URL.

https://docviewer.yandex.com/source?id=1x05-hfio21pepo76ojurnyef04w3fwwxx5p9hrngoz92wur3o96eanbsu203xghcdiqkg5r0qouzfq1if2xxe3oltwcr3kepqbdojm2&archive-path=//ESP/.../HxuGYvXOAHiUIQ==&name=ESP.rar

Remove fpthook.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.