home

crossfire-spaces.ru.exe

Client Application

This is a setup program which is used to install the application. The file has been seen being downloaded from cs06.userfiles.me.
Product:
Client Application

Description:
Client MFC Application

Version:
1, 1, 03, 4

MD5:
6988f218d61c25e68eba62eaac81d914

SHA-1:
84d5c6aec1d7549d015421795f1d88682d4cbd0b

SHA-256:
c6941a727930aaa34e9d9b9eaa26078d2d3033c3da335990ac0c196d9ce2dcbc

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 9:08:24 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Packed
1.3.0.6379

McAfee
Artemis!6988F218D61C
5600.6500

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.16202

Trend Micro House Call
Suspicious_GEN.F47V0505
7.2.35

File size:
1.6 MB (1,654,784 bytes)

Product version:
1, 1, 03, 4

Copyright:
Copyright (C) 1997

Original file name:
Client.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\crossfire-spaces.ru.exe

File PE Metadata
Compilation timestamp:
7/7/2011 10:41:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:3yNA/yWjd4PNrqp0HnhK5wJKGz92YJUasni7glSYARDo0BDJwt25GoLaLTK8SPoO:3yR+d4Va0BTTYYeVBsYek2aL+7w

Entry address:
0xF3FD3

Entry point:
52, BA, 64, 00, 00, 00, EB, 1B, B9, 00, 10, 00, 00, EB, 05, 03, C1, 03, C3, 49, 0B, C9, 75, F7, 52, 54, 54, FF, 15, 40, 70, 6E, 00, 5A, 4A, 0B, D2, 75, E1, 5A, E9, 00, 50, 35, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 09, 00, 01, 00, 00, 00, 58, 00, 00, 80, 02, 00, 00, 00, E8, 00, 00, 80, 03, 00, 00, 00, 08, 01, 00, 80, 05, 00, 00, 00, 28, 01, 00, 80, 06, 00, 00, 00, 60, 01, 00, 80, 0C, 00, 00, 00, D8, 01, 00, 80, 0E, 00, 00, 00, 60, 02, 00, 80, 10, 00, 00, 00, 78, 02, 00, 80, 18, 00, 00...
 
[+]

Code size:
2.4 MB (2,482,176 bytes)

The file crossfire-spaces.ru.exe has been seen being distributed by the following URL.

http://cs06.userfiles.me/f/0/1425049069/20288765/0/.../crossfire-spaces.ru.exe

Scan crossfire-spaces.ru.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.