» crossfire_downloader.exe
Overview
Analysis
File Details
Downloads (23)

crossfire_downloader.exe

SG Interactive, Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

Publisher:

SG Interactive, Inc. (signed and verified)

MD5:

0669c0cf711caae243ad44c1bf08833f

SHA-1:

7c0cffa02a837849177c0626d12539c573044d83

SHA-256:

40a87185875027b0aec341fbcc795c2cac2db868ab76a5afb1e0fa8e78826ab9

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

5/10/2024 12:20:25 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK/RDM!5.1

23.00.65.14220

File size:

2.9 MB (2,999,088 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\crossfire_downloader.exe

Digital Signature

Signed by:

SG Interactive, Inc.

Authority:

VeriSign, Inc.

Valid from:

11/1/2013 1:00:00 AM

Valid to:

2/25/2015 12:59:59 AM

Subject:

CN="SG Interactive, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="SG Interactive, Inc.", L=Irvine, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

220FA9CD9CB251C266327874C4782FC3

File PE Metadata

Compilation timestamp:

11/2/2013 5:14:24 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

49152:DCoUapJJFXuVU94de0jx1b1THf5yHtWMBX++NJYMGrXkSbHFEZn6r8VWzk9:DbPzF+VVFN1hT1ku0JBGrXkSblsnEzk9

Entry address:

0xAAA2A0

Entry point:

60, BE, 15, 90, BD, 00, 8D, BE, EB, 7F, 82, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Code size:

2.8 MB (2,957,312 bytes)

The file crossfire_downloader.exe has been seen being distributed by the following 23 URLs.

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1442269394&Signature=Ewe~WztKzEOYufLQrMAzY49ZJGb0H1IHfDLoX4Nsdav~j11eBEo4GdeH7zu1x3Xu5ZyEYkwPUVUpfra7sVanCNC~LfuJapjq45MU3BsdyVPN~cK7M2L0~-PmJ5e6MRrByuHMxlGgAxEhPiC0VzP-9wjk7gi2ndFR9oh3HXGwndk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Crossfire_downloader.exe

http://global-shared-files-l3.softonic.com/7c0/cff/.../file?nvb=20141117164238&nva=20141118044338&token=070991dc9b738731f8045&instance=softonic_en&filename=Crossfire_downloader.exe

http://cross-fire.tl.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmKCHoaCmkZk=

http://global-shared-files-l3.softonic.com/7c0/cff/.../file?nvb=20141025100054&nva=20141025220154&token=0e34723a9a89d222c4917&instance=softonic_en&filename=Crossfire_downloader.exe

http://global-shared-files-l3.softonic.com/7c0/cff/.../file?nvb=20140329080145&nva=20140329200245&token=03d07ec7541d878d5ca9b&id_file=77971&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_es&type=PROGRAM&Expires=1421935123&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=gHCCMD6YZ~d8p-glbIiQ7yyigWjBm3xAACLNsxjTLIx8vz48fpTQC3pewXg7SX389-Ama67BPlADtQpOfqRobtfYm4k4x5fLSg52iBASJryx2oZQOsJXISRT-N6zc2QMKt-mjMHjmp83UHVXmGC~XlVNekkDyS45vDAfUA7DNRw_&filename=Crossfire_downloader.exe

http://global-shared-files-l3.softonic.com/7c0/cff/.../file?nvb=20150110150550&nva=20150111030650&token=059252a3fd5dfba148deb&SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1439874780&Signature=ZsOMF0bLS38EsqjE0kSFg279Cf~sH5uyRaBhgS5Z6CyV87trc81wrPh-A5FQ4jKOA6uuqjRF~KE7qcdPHrGoPIhLWVqLVM5ReyU17NtJZD-G53y-DbbzSB6tXBFSRQFbXw5-AUHE3ljo8eXTZ3ZUH2Fi55O4C7t22tNmL7Y~If8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1433753622&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=HxU~~dWebYKEJNaCf3HLSSz2tQ5pDw8Crs5hgwIetftgIVy2wDgy7MiEvg~68yN7fJ6hu-DMSqgi23dlOGfW3PNENuaoZZQyd~lnfnNLhQx0UpF61AOvrNJTISJkyNn-hVpEIQYBlyMZKYo5KU1isBtbrDj43XgG8Y4Xi83XAOU_&filename=Crossfire_downloader.exe

http://cross-fire.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmKCNoaWnmZ0=

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1425430416&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=WWXNYQAxcHLsoduJU8um0Ycl4djfUHg4uJgbdPwF4IIZKgH-1-HMp-~nkOFYKGSkgJjiBQrge7ZQLFLRBhzS37F2gYHy4YAue4tLEKQVol7N2MFOSu4Im-7CE4odzjaheeL6lCXuLbKMKeOwsbu9z1SUMqx4RuK3YaZAeHNYkPQ_&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1437338416&Signature=PsFlmNVWjtiKMZkyFBc6EHbojZ3LOIqXVwAjzgdxEfFJGWp2uIbCchRRvW1E9y6iN0v55QI4GW7xCYw-Pry4kCXV4GncTW8fxNcEtWQUUlvbQ86NJ0APP34mkR5aBeBNy~Jub8ib4KZwWm1JLNgRKDiCpmDwNYgx1UOP8rkp32o_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1431582624&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=SsODxuloxh7Em4Tunwv-4x1FOyLf9PpbBFS-tQaWMWrz8dXTEBm2Icq2MF5hMKV-U5Elilr2AtwQ9iWHIwBK7z0-e08Zu2EoYy8lNzlVf2jOvTUUxyDy9TG5233YswZaK1ytFSznsQkTx5xIB7Ouw1n0EJj~JJ~T9xg495YFoL8_&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_es&type=PROGRAM&Expires=1436319296&Signature=eyXInE7GN-0lkbOJlpb9BG-Wd5XluDFySHzATLcxPpfvQMzQxkYQByCAZvYVeCRJZQsnsH1QcIp2IJ4KphhbelvVRxKGbYRkTePVRkxZ6sB-fKIHaXuQZiDfsAka5BBip0NjN2koC4H~LYUZv8LM2FhIMmFqoCiGXftr8jegzjM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1440476082&Signature=D5iSfUbCj0auiNWLx2BhWg0J1DE7UJdyTijPua7MMz2X5Tds4tnujQHAtR~vHL7R-JzhYwAwe3hBw1laBEmdlJ8P70N6BG0ZhwvVo6p9qYIKxfqVT0g75hVpHC8MJc7PlVg0pAccHJKwMa3elcAHGYU2PNY47BvLra-BjDFlhPM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Crossfire_downloader.exe

http://cross-fire.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmJ-On6KmlJQ=

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1440849238&Signature=IJ86XAya~6t2b79xzIpkOMf5kSUrOYpEkZtOX0BJHrSdKthDb15l2PAB8cRq-3z5Rtp2XWqjvNgKQILr9UJttaPudonseln6QF2cXkHcKzitpzdO~yL2R2yotu5BvLj5Ib94v8zu~c69SFfbr22AL7nv3r1efGYg3xrYnr0wGWA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1436220334&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=GrDahzH0UDwAPCxNMujSj2AeD-aNALMzEKWwhwIV-dKYG8SSnZvSvUYRiHNg1lxx5c4RoSgaNNce8dAjfNMwzJIZ-NvaHawsf6JU3yyI1eN~56JbAvkkCKrg7uLlJTQiUGJmUxYdkrxUlmkUwOIaFNC45Cm8MmktHm4tDVfpFTI_&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1435695580&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=RutOK7DuAQu~2CANH8-mOW5QPbQaCIpauUUCX0TJVRsrugjKLesthzjIYshoEs30t9KPeeTZfCKiPKE6V8JPDDpz3rCIbDTrkAXvUr7-X2maujTi4M6k1l5Gba8HPojQsQvDgihieNTkeyOcMRXj4QTv0z4yejoCu10E-2Po~hs_&filename=Crossfire_downloader.exe

http://gsf-cf.softonic.com/7c0/cff/.../file?SD_used=0&channel=WEB&fdh=no&id_file=77971&instance=softonic_en&type=PROGRAM&Expires=1428682667&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=hmvEh3ExujTmN1l5QRPv76oYyzgOFeQpT7ngNXLrvNgW6q1ZoAPZq5lvbOc9vSILP6DU5PwBCV1chdkbVN2ZbGX0~qCnbxqReg4b~GCGSIUJbcW9fNalvmUeS~MZBoNbAhzQXqt2ihlMtFle8OkbYXSS6wJjgUKgseWxgwmowvM_&filename=Crossfire_downloader.exe

http://global-shared-files-l3.softonic.com/7c0/cff/.../file?nvb=20140605152803&nva=20140606032903&token=08bc520141066b6fe4938&id_file=77971&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=Crossfire_downloader.exe

http://cf.cdn.patchgamerage.com/.../Crossfire_downloader.exe

http://eu.cf.cdnetworks.net/.../Crossfire_downloader.exe

Scan crossfire_downloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.