» cafconstart.exe
Overview
Analysis
File Details
Behaviors (1)

cafconstart.exe

PrjStart

CAFCON Co.,Ltd.

The application cafconstart.exe by CAFCON Co.,Ltd has been detected as a potentially unwanted program by 2 anti-malware scanners.

File name:

cafconstart.exe

Publisher:

CAFCON Co.,Ltd. (signed and verified)

Product:

PrjStart

Version:

1.00

MD5:

d66659b20868d5f7e9adaf10037b805d

SHA-1:

e1a1f33633ddc9669cedb2fb1a82c277b2b380be

SHA-256:

8cab4eafa272723c018b74fa2fec629b5903cc2c4ba99900f49568139e3d0af8

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

5/10/2024 9:56:41 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

TrojWare.Win32.TrojanDownloader.VB.PMEA

17914

Reason Heuristics

PUP.CAFCON.Reputation

15.11.12.23

File size:

95.9 KB (98,184 bytes)

Product version:

1.00

Original file name:

cafconstart.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\downloaded Program Files\cafconstart.exe

Digital Signature

Signed by:

CAFCON Co.,Ltd.

Authority:

Thawte, Inc.

Valid from:

12/24/2013 9:00:00 AM

Valid to:

12/25/2014 8:59:59 AM

Subject:

CN="CAFCON Co.,Ltd.", OU=IT Team, O="CAFCON Co.,Ltd.", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

39C5BD8C073E535063B058AD0A5F35CD

File PE Metadata

Compilation timestamp:

1/17/2014 6:52:38 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:rWLWZnqxMQP8ZOs0J+kSWZnqxMQP8ZOs0J3Cr:rH/gBB/gBxM

Entry address:

0x1298

Entry point:

68, 8C, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 16, 7F, 65, BE, 84, 59, 9F, 4F, 88, E0, 0A, 25, 4D, CD, DB, 52, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 7B, 30, 30, 30, 32, 30, 50, 72, 6A, 53, 74, 61, 72, 74, 00, 30, 30, 30, 30, 2D, 43, 30, 00, 00, 00, 00, 06, 00, 00, 00, 38, 1D, 40, 00, 07, 00, 00, 00, 08, 1C, 40, 00, 07, 00, 00, 00, 50, 1B, 40, 00, 01, 00, 01, 00, 20, 19, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00... 
[+]

Entropy:

5.3458

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

44 KB (45,056 bytes)

ActiveX Install

Name:

{ABE3235C-D5F6-46EC-B5D3-96A6B1FC7F1E}

Remove cafconstart.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.