DofusFK_v1.exe

The executable DofusFK_v1.exe has been detected as malware by 32 anti-virus scanners. It is a setup program used to install the application. According to the detections, it has been classified as a keylogger capable of recording a user's keystrokes. The file has been seen being downloaded from multifungames.free.fr.
MD5:
dd77e29dba0a47e24ab8718ae6776904

SHA-1:
56b2b405b5bcfa28b74b9e331dd2038a3e3bd658

SHA-256:
6fa605d5f4ed69e8ab09857c05635b30ad9c17e7422870243caf734a9023b99a

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/16/2024 12:16:44 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Backdoor.Gbot | 7.1.1
AhnLab V3 Security | Trojan/Win32.Ardamax | 2013.07.31
Avira AntiVirus | TR/Spy.Ardamax.btpb | 7.11.94.6
avast! | Win32:KeyLogger-AVO [Spy] | 2014.9-130829
AVG | PSW.Generic9 | 2014.0.3543
Bitdefender | Gen:Variant.Graftor.1088 | 1.0.20.1205
Clam AntiVirus | Win.Trojan.Ardamax-965 | 0.98/18155
Comodo Security | TrojWare.Win32.Spy.Agent.aru | 16679
Dr.Web | Trojan.KeyLogger.9972 | 9.0.1.0241
Emsisoft Anti-Malware | Gen:Variant.Graftor.1088 | 8.13.08.29.06
ESET NOD32 | Win32/KeyLogger.Ardamax.NBG (variant) | 7.8629
Fortinet FortiGate | W32/Dropper.AABA!tr | 8/29/2013
F-Prot | W32/Ardamax.F_1.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Graftor.1088 | 11.2013-29-08_5
G Data | Gen:Variant.Graftor.1088 | 13.8.22
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.3.0
K7 AntiVirus | Riskware | 13.170.9138
Kaspersky | HEUR:Hoax.Win32.ArchSMS | 14.0.0.3810
Malwarebytes | Trojan.Ardamax | v2013.08.29.06
McAfee | Keylog-Ardamax | 5600.7181
Microsoft Security Essentials | MonitoringTool:Win32/Ardamax | 1.163.1557.0
MicroWorld eScan | Gen:Variant.Graftor.1088 | 14.0.0.723
NANO AntiVirus | Trojan.Win32.Gbot.edhsx | 0.24.0.53571
Norman | Suspicious_Gen2.UCOCJ | 11.20130829
Panda Antivirus | Trj/Genetic.gen | 13.08.29.06
Quick Heal | Trojan.Ardamax.A | 8.13.12.00
Reason Heuristics | Unnamed.Threat.77 | 14.3.1.0
Sophos | Mal/Ardamax-A | 4.91
Trend Micro House Call | TROJ_GEN.R06H1DR | 7.2.241
Vba32 AntiVirus | TrojanSpy.Ardamax | 3.12.22.2
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 20018
ViRobot | Trojan.Win32.A.Ardamax.1015808 | 2011.4.7.4223

File size:
1.7 MB (1,792,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dofusfk_v1.exe

File PE Metadata
Compilation timestamp:
10/10/2011 2:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:qkTnmx9/HHrCDRXPQ//zSvYBJh9eX4POKj9Eqt3tm7vJPso8O:TURry/Q/r//h9eoPODDVso8O

Entry address:
0x3DEA

Entry point:
E8, 37, 23, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, 31, 41, 00, 89, 0D, 94, 31, 41, 00, 89, 15, 90, 31, 41, 00, 89, 1D, 8C, 31, 41, 00, 89, 35, 88, 31, 41, 00, 89, 3D, 84, 31, 41, 00, 66, 8C, 15, B0, 31, 41, 00, 66, 8C, 0D, A4, 31, 41, 00, 66, 8C, 1D, 80, 31, 41, 00, 66, 8C, 05, 7C, 31, 41, 00, 66, 8C, 25, 78, 31, 41, 00, 66, 8C, 2D, 74, 31, 41, 00, 9C, 8F, 05, A8, 31, 41, 00, 8B, 45, 00, A3, 9C, 31, 41, 00, 8B, 45, 04, A3, A0, 31, 41, 00, 8D, 45, 08, A3, AC, 31, 41...
Entropy:
7.9886  (probably packed)

Code size:
44 KB (45,056 bytes)

The file DofusFK_v1.exe has been seen being distributed by the following URL.
