» dfi-vjfhmo.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

dfi-vjfhmo.exe

DemoForge Studio

UTIPU INC

This is a setup and installation application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘dfmirage-Install’. This is installed with TipCam 2.2.

File name:

dfi-vjfhmo.exe

Publisher:

DemoForge, LLC. (signed by UTIPU INC)

Product:

DemoForge Studio

Description:

DemoForge Mirror Driver Installer

Version:

2.0 (build 113)

MD5:

3d94dd7c14f847df507914b2ba1590f2

SHA-1:

48c1b34ec04e94640eb902d3ef49ec2008958dd5

SHA-256:

b05b66ea2eb58e7ae31f0072e5a06bf99bbcb9248efdc22dfc3bb43867bf14f2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 6:38:58 PM UTC (today)

File size:

154.1 KB (157,832 bytes)

Product version:

2.0 (build 113)

Original file name:

mirrinst.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\windows\temp\dfi-vjfhmo.exe

Digital Signature

Signed by:

UTIPU INC

Authority:

The USERTRUST Network

Valid from:

11/29/2007 10:00:00 PM

Valid to:

11/29/2010 9:59:59 PM

Subject:

CN=UTIPU INC, O=UTIPU INC, STREET="901 Yamato Road, STE 116", L=Boca Raton, S=FL, PostalCode=33431, C=US

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

05441FC580B36A24637BAB2DBCB1BBD8

File PE Metadata

Compilation timestamp:

8/26/2008 8:16:47 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:/zunUKpLKGXfG13OdOete8BTunVakMFoRchibp8ubQoYYM:rQvzG13OftOnVaZFo+yp8MY3

Entry address:

0xACB8

Entry point:

48, 83, EC, 28, E8, DB, 63, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, 80, C0, 01, 00, 33, D2, FF, 15, 10, F5, 00, 00, 85, C0, 75, 17, E8, 1B, 02, 00, 00, 48, 8B, D8, FF, 15, 8E, F4, 00, 00, 8B, C8, E8, C3, 01, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC, 48, 89, 0D, 45, BA, 01, 00, C3, 40, 53, 48, 81, EC, E0, 05, 00, 00, 83, 64, 24, 70, 00, 48, 8D, 4C, 24, 74, 33, D2, 41, B8, 94, 00, 00, 00, E8, 9C, F7, FF, FF, 4C, 8D, 5C, 24... 
[+]

Code size:

96.5 KB (98,816 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

dfmirage-Install

Command:

"C:\windows\temp\dfi-vjfhmo.exe" -u2 "dfmirage"

The file dfi-vjfhmo.exe has been discovered within the following program.

TipCam 2.2 by UTIPU, Inc.

www.uTIPu.com

About 3% of users remove it

Scan dfi-vjfhmo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.