dfo.exe

DownloadFileOpener

MS Technology Inc.

The application dfo.exe by MS Technology has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program DownloadFileOpener by MS Technology Inc. which is a potentially unwanted software program.

Publisher:
DownloadFileOpener.com  (signed by MS Technology Inc.)

Product:
DownloadFileOpener

Version:
2.0.3.6

MD5:
c1ca24b50d332c5482f61443e7ed2fd8

SHA-1:
c5bdca51dc3ac2150d52fcf6ebc49aa06d07dc66

SHA-256:
9c5e512cd953cf6a69c099f00103472680fe7a7db299484d4c9e647af5a079e3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
10/21/2018 7:25:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CompuClever.Optional.Meta (L)

Engine version:
16.1.2.18

File size:
2.3 MB (2,414,104 bytes)

Product version:
2.0.3.6

Copyright:
(c) DownloadFileOpener.com. All rights reserved.

Trademarks:
DownloadFileOpener

Original file name:
DownloadFileOpener.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\downloadfileopener\dfo.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/8/2014 6:00:00 PM

Valid to:
1/9/2015 5:59:59 PM

Subject:
CN=MS Technology Inc., O=MS Technology Inc., STREET=4262 Richfield Terr, L=Victoria, S=BC, PostalCode=V8X 4V3, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D45138BEB45EA262954508FC61D1AF64

File PE Metadata
Compilation timestamp:
3/23/2014 8:03:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:pIMwcUbc27IkNn8UPMT29UBSnHKPjz7Q7Ll4SY6iXMC/2:yM/N3gn/Pc2iInqPX7+LE6ik

Entry address:
0x121373

Entry point:
E8, 78, 88, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, F0, 97, 5A, 00, 75, 02, F3, C3, E9, FA, 88, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, CE, 31, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 0A, 8B, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 7A, 5C, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 29, 34, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...

Entropy:
6.4484

Code size:
1.3 MB (1,379,840 bytes)

The file dfo.exe has been discovered within the following program.

DownloadFileOpener  by MS Technology Inc.
Publisher's description - “DownloadFileOpener provides an easy way to find the very file viewer that you need! Our goal is to provide accurate and updated information about file extension types, guide you to find the most suitable file viewer/opener program for your PC, and provide support and assistance to open and view your files.”
www.downloadfileopener.com
About 66% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-197-237-142.compute-1.amazonaws.com  (54.197.237.142:80)
