home

crossfire_downloader.exe

7ZSfxNew

Oleg N. Scherbakov

This is a setup and installation application. The file has been seen being downloaded from download.g4box.com.
Publisher:
Oleg N. Scherbakov

Product:
7ZSfxNew

Description:
7z Setup SFX

Version:
1, 2, 0, 715

MD5:
2010e3ec3440b052cb45954172f1df48

SHA-1:
e067bc86752e97628a5cd49b1acfedcacbfd5841

SHA-256:
ff7535c2cb72a8461b73805f3d2028307c7b9de8625d0ebbca6ef0af10d1cb9a

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/19/2024 11:46:21 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Comodo Security
TrojWare.Win32.Injector.KRTE
18095

Vba32 AntiVirus
Trojan.Tdss
3.12.26.0

File size:
1.5 MB (1,616,330 bytes)

Product version:
1, 2, 0, 715

Copyright:
Copyright © 2005-2007 Oleg N. Scherbakov

Original file name:
7ZSfxNew.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\crossfire_downloader.exe

File PE Metadata
Compilation timestamp:
7/22/2007 4:33:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:s7Qk5stWUnN+hl+VAn5+GmX7w4k/HtRJN9pTuus:s7h5stZnN6l8An5+Gmk4AH7Jzpo

Entry address:
0x14DA6

Entry point:
55, 8B, EC, 6A, FF, 68, 48, 7C, 41, 00, 68, A0, 4D, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 28, 71, 41, 00, 59, 83, 0D, C4, C8, 41, 00, FF, 83, 0D, C8, C8, 41, 00, FF, FF, 15, 2C, 71, 41, 00, 8B, 0D, B4, C4, 41, 00, 89, 08, FF, 15, 30, 71, 41, 00, 8B, 0D, B0, C4, 41, 00, 89, 08, A1, 34, 71, 41, 00, 8B, 00, A3, C0, C8, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 00, C2, 41, 00, 75, 0C, 68, 2E, 4F, 41, 00, FF, 15, 38, 71...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
85 KB (87,040 bytes)

The file crossfire_downloader.exe has been seen being distributed by the following URL.

http://download.g4box.com/crossfire_downloader.exe

Scan crossfire_downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.