cafconstart.ocx

cafconstart

CAFCON Co.,Ltd.

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed just to look like a legitimate Microsoft system file. The file cafconstart.ocx by CAFCON Co.,Ltd. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Microsoft Corporation  (signed by CAFCON Co.,Ltd.)

Product:
cafconstart

Version:
1.00

MD5:
c282b5d8a947d5dcd018576f624ee952

SHA-1:
1c1d6e11a693dc8931c2dcf5836aca2d96aa9f16

SHA-256:
ad55d5f127f08c477a0795abb8276870781ef5954264777920b15029256a1519

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/4/2024 1:20:12 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CAFCON.Reputation

Engine version:
15.11.12.23

File size:
138.7 KB (142,056 bytes)

Product version:
1.00

Trademarks:
cafconstart

Original file name:
cafconstart.ocx

File type:
OLE control extension (Win32 OCX)

Common path:
C:\windows\downloaded Program Files\cafconstart.ocx

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/26/2014 9:00:00 AM

Valid to:
12/27/2015 8:59:59 AM

Subject:
CN="CAFCON Co.,Ltd.", OU=IT Team, O="CAFCON Co.,Ltd.", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
191D08AAF3A8E7EC287188BEFA52BD1E

File PE Metadata
Compilation timestamp:
12/23/2014 10:07:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:cPHk1pMTqcUWZnqxMQP8ZOs0JN3WZnqxMQP8ZOs0J3CbyT4/u:YSGTl/gBa/gBxMsUu

Entry address:
0x1478

Entry point:
5A, 68, 20, 5D, 00, 11, 68, 24, 5D, 00, 11, 52, E9, E9, FF, FF, FF, 00, 00, 00, 58, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 40, 00, 00, 00, 6C, E5, 78, A4, E1, CC, 85, 45, 90, 91, A5, B2, AE, 76, 64, 0E, 00, 00, 00, 00, 02, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 63, 61, 66, 63, 6F, 6E, 73, 74, 61, 72, 74, 00, 00, 00, 00, 00, 63, 61, 66, 63, 6F, 6E, 73, 74, 61, 72, 74, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.3429

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
16 KB (16,384 bytes)

ActiveX Install
Name:
{ABE3235C-D5F6-46EC-B5D3-96A6B1FC7F1E}

