crfvdie.exe

Time Doctor LLC

The executable crfvdie.exe has been detected as malware by 20 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, named htoelej, triggered to execute each time a user logs in.
Publisher:
Time Doctor LLC  (signed and verified)

MD5:
4339f4fa609805f75874188db417cfff

SHA-1:
021922b05c4f015e2f8a9ce83ab3822fc5a4a71a

SHA-256:
b2a6ed7253a9375a12fe0a03e38df3a07c8dc557f65511e8fd5b19e0d7ae4805

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/25/2024 9:38:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.177567 | 373 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| Avira AntiVirus | TR/Crypt.Xpack.432609 | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D2B59F | 1.0.0.646 |
| AVG | Generic37 | 2017.0.2851 |
| Bitdefender | Gen:Variant.Zusy.177567 | 1.0.20.135 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.177567 | 8.16.01.27.10 |
| ESET NOD32 | Win32/Injector.CQYK (variant) | 10.12933 |
| Fortinet FortiGate | W32/Generic!tr | 1/27/2016 |
| F-Secure | Gen:Variant.Zusy.177567 | 11.2016-27-01_4 |
| G Data | Gen:Variant.Zusy.177567 | 16.1.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.2.0.4.0 |
| K7 AntiVirus | Trojan | 13.212.18551 |
| Kaspersky | HEUR:Trojan-Ransom.Win32.Raas | 14.0.0.750 |
| Malwarebytes | Ransom.CTBLocker | v2016.01.27.10 |
| McAfee | Artemis!4339F4FA6098 | 5600.6507 |
| MicroWorld eScan | Gen:Variant.Zusy.177567 | 17.0.0.81 |
| Rising Antivirus | PE:Attention.LeakedCert-TimeDoctorLLC!1.A3FA [F] | 23.00.65.16125 |
| Sophos | Troj/Ransom-BZB | 4.98 |
| ViRobot | Trojan.Win32.CTB-Locker.781200[h] | 2014.3.20.0 |

File size:
763.6 KB (781,968 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\crfvdie.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/17/2014 2:00:00 AM

Valid to:
4/17/2016 1:59:59 AM

Subject:
CN=Time Doctor LLC, O=Time Doctor LLC, STREET=800 E. Charleston Blvd, L=Las Vegas, S=NV, PostalCode=89104, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
560E898EA6CE12B2625740328076DCFB

File PE Metadata
Compilation timestamp:
12/17/2015 4:38:04 PM

OS version:
3.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:PtrKD35lo/4e50hHIpeY+CfKfjT4nOdCFzuGESx2e5ej5cTZC825lPR4rI1ezYzn:lk5G/X50HBY+ljT41jx2tdcTZW5lPsgN

Entry address:
0x1A76

Entry point:
55, 8B, EC, 6A, FE, 68, 68, 27, 40, 00, 68, 92, 1C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, C4, 21, 40, 00, 59, 83, 0D, 30, 48, 40, 00, FF, 83, 0D, 34, 48, 40, 00, FF, FF, 15, C0, 21, 40, 00, 8B, 0D, 24, 48, 40, 00, 89, 08, FF, 15, BC, 21, 40, 00, 8B, 0D, 20, 48, 40, 00, 89, 08, A1, B8, 21, 40, 00, 8B, 00, A3, 2C, 48, 40, 00, E8, AA, 01, 00, 00, 39, 1D, 40, 47, 40, 00, 75, 0C, 68, 8E, 1C, 40, 00, FF, 15...
Developed / compiled with:
Microsoft Visual C++

Code size:
4 KB (4,096 bytes)

Scheduled Task
Task name:
htoelej

Trigger:
Logon (Runs on logon)