ftsetup.exe

FinalTorrent

Bitberry Software

The application ftsetup.exe, “Download client for .torrent files” by Bitberry Software, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.berrycleanfactory.com and multiple other hosts.

Publisher:
Bitberry Software   (signed by Bitberry Software)

Product:
FinalTorrent

Description:
Download client for .torrent files

Version:
2015.15.01.04

MD5:
88a27c235e81a38609824690864a9f18

SHA-1:
22d4f806b4041a5cb978f6d46ee64274d326dff4

SHA-256:
a62b20adc1e4dd920c633357d2583789e866e7fa860bd078245595b6a434af44

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 11:35:01 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Bitberry.Installer (M) | 15.6.30.16

File size:
3.9 MB (4,056,304 bytes)

Product version:
2015.15.01.04

Copyright:
Copyright © 2010-2015 Bitberry Software

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1\ftsetup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/13/2015 1:00:00 AM

Valid to:
3/13/2017 12:59:59 AM

Subject:
CN=Bitberry Software, O=Bitberry Software, L=Holbaek, S=n/a, C=DK

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2B45F5EACFCCD01402902F5B86CE6120

File PE Metadata
Compilation timestamp:
7/9/2014 9:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:cMH69VreiBo0yMWsCdMKWYKGSMzuIMLJf1HD3:QvrlPCdcYKGNzvOBL

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file ftsetup.exe has been seen being distributed by the following 4 URLs.

http://cdn.berrycleanfactory.com/c?x=/iyu7T5mzUjxYo3EIf0RAohRHw7EK1w0h1IAGjdDoOY=&c=KVi3kdY1ZFUk9UAu3eVXR/hW9qmpVnNZveatbibs4yzQrIbqleE YFnLCsT54aJu3nFoEXMJBwVLW7hlAKsUoxImS0v2LBT1Z94M5PCUSKLEH79dk5Dr3684jEd3DAV9JwJbl68/RxjvPPk8Yb5quw==&downloadAs=FinalTorrentSetup.exe&fallback_url=http://www.finaltorrent.com/.../newest.exe
