fpthook.exe

The executable fpthook.exe has been detected as malware by 12 anti-virus scanners. This is a setup program which is used to install the application. This file is typically installed with the program Warface by Mail.Ru. The file has been seen being downloaded from docviewer.yandex.com.

MD5: 7b95993124e9433d755a2b52d4b93014
SHA-1: 19e12bb4a8fb545ceada5b77f677d24911ab9609
SHA-256: cc4d9e37078f5b48d4d230009b4398959669070a4d914648966ab408d9948dc0
Scanner detections: 12 / 68
Status: Malware
Analysis date: 11/23/2024 6:41:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11505090 | 921 |
| Avira AntiVirus | TR/Hijacker.Gen | 7.11.163.142 |
| Bitdefender | Trojan.Generic.11505090 | 1.0.20.1045 |
| Comodo Security | UnclassifiedMalware | 18946 |
| Emsisoft Anti-Malware | Trojan.Generic.11505090 | 8.14.07.28.02 |
| F-Secure | Trojan.Generic.11505090 | 11.2014-28-07_2 |
| G Data | Trojan.Generic.11505090 | 14.7.24 |
| IKARUS anti.virus | Trojan.Hijacker | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.181.12806 |
| McAfee | Artemis!7B95993124E9 | 5600.7055 |
| MicroWorld eScan | Trojan.Generic.11505090 | 15.0.0.627 |
| Rising Antivirus | PE:Trojan.Win32.Generic.13554390!324354960 | 23.00.65.14726 |

File size: 45 KB (46,080 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp: 6/20/1992 4:22:17 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows Console
Linker version: 2.25
CTPH (ssdeep): 768:my3qKbQTicw0/KU0Y7IltlcrPJnt9EvmEJnffHmf0CKWnFpnrotWMmH6k28x:x3qKbQTiPk8blO8vt/CK6FO3m6kHx
Entry address: 0x905C

Entry point:
55, 8B, EC, B9, 06, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, A1, B0, A3, 40, 00, C6, 00, 01, B8, 14, 90, 40, 00, E8, FF, BD, FF, FF, 33, C0, 55, 68, 4D, 92, 40, 00, 64, FF, 30, 64, 89, 20, A1, 04, A3, 40, 00, BA, 64, 92, 40, 00, E8, 9E, B1, FF, FF, E8, 35, 9E, FF, FF, E8, 88, 95, FF, FF, B8, B8, 92, 40, 00, E8, 66, FA, FF, FF, 84, C0, 74, 17, 8D, 45, EC, E8, 42, FB, FF, FF, 8B, 55, EC, B8, E0, B7, 40, 00, E8, A1, AC, FF, FF, EB, 15, 8D, 45, E8, E8, C3, FB, FF, FF, 8B, 55, E8, B8, E0, B7, 40, 00, E8, 8A, AC...
 

Developed / compiled with: Microsoft Visual C++
Code size: 33 KB (33,792 bytes)

The file fpthook.exe has been discovered within the following program.

Warface by Mail.Ru
Warface is an online browser based free-to-play first-person shooter. The game is exclusive to the PC and is powered by CryEngine 3. This game is currently in an open beta stage on Mail.Ru's game client in Russia.
wf.mail.ru/register?site_id=1_880_69112_0
About 2% of users remove it
 

The file fpthook.exe has been seen being distributed by the following URL.
