» f1fa15.exe
Overview
Analysis
File Details
Downloads (1)

f1fa15.exe

The application f1fa15.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. The file has been seen being downloaded from ofs.ezdownloadpro.info a web site host known to distribute potentially unwanted software operated by Rafael Leviev.

File name:

f1fa15.exe

MD5:

1c4e675b94d733f6cf290c92ec08b338

SHA-1:

72e4778cae615d63da10522c657d24a4e2871e78

SHA-256:

8b087ee04586d69dc6489aa189b95a1d5b7502a6a554e062da10a2d4f89101c0

Scanner detections:

25 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 5:09:49 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.MPLug.35

5650986

AhnLab V3 Security

PUP/Win32.MultiPlug

2015.04.21

Avira AntiVirus

ADWARE/MultiPlug.Gen

3.6.1.96

avast!

Win32:MultiPlug-WR [PUP]

150319-1

AVG

Adware Generic6.SJL

2014.0.4311

Bitdefender

Gen:Variant.Adware.MPLug.35

1.0.20.555

Comodo Security

Application.Win32.AdWare.MultiPlug.VA

21841

Dr.Web

Trojan.WebPick.5754

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.MPLug.35

9.0.0.4799

ESET NOD32

Win32/Adware.MultiPlug.FC application

7.0.302.0

Fortinet FortiGate

Riskware/Badur

4/21/2015

F-Prot

W32/MultiPlug.H.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.MPLug

5.13.68

G Data

Gen:Variant.Adware.MPLug.35

15.4.25

K7 AntiVirus

Unwanted-Program

13.202.15654

Malwarebytes

PUP.Optional.Unizeto

v2015.04.21.05

McAfee

Program.MultiPlug-FWG

16.8.708.2

MicroWorld eScan

Gen:Variant.Adware.MPLug.35

16.0.0.333

NANO AntiVirus

Riskware.Win32.MultiPlug.doojsc

0.30.20.1219

Panda Antivirus

Generic Suspicious

15.04.21.05

Reason Heuristics

Threat.Win.Reputation.IMP

15.4.21.1

Rising Antivirus

PE:AdWare.Win32.MultiPlug.s!1075356738

23.00.65.15419

Sophos

MultiPlug

4.98

Vba32 AntiVirus

SScope.Adware.MultiPlug

3.12.26.3

VIPRE Antivirus

Threat.5085665

39354

File size:

1 MB (1,058,304 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\f1fa15.exe

File PE Metadata

Compilation timestamp:

4/20/2013 2:21:09 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:S8AhKVQyPDTS45cPbwh7d8mdxys1I55kVZ:S81qyP35GbFMxyBYV

Entry address:

0xDB5B2

Entry point:

E8, DF, 14, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, DF, 4E, 00, E8, E8, 19, 00, 00, E8, AC, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 72, 14, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E8, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.3725

Code size:

896 KB (917,504 bytes)

The file f1fa15.exe has been seen being distributed by the following URL.

http://ofs.ezdownloadpro.info/hp/?q=JHVyuxXOPycdJLFHwymDMv0X80 PsR75wVo XXrXN0GMOblVPf/UxFsp8uND2RHLwySzcy1kbCI gT3NVaS14oA5MTp7v4y Lmp1tL FHbhHkQY4yp25lkUAawNL9jomaJwB0WezEl3omAc1t0FxlfTYEkTU2 k3FfUuSb/psC1P507TyaWjFY4tgtBNEXosRXkmfYXkHeQGsFZMjyPYgkn4 qUJZIh9EomI5b7qgnKzRWU7mPjW2bhrut5T4XA 0sVsKXkx lZGfquztTEw8SQLjbbbGUH9ro7Sh051RVR8jNjFEyNzWetU14IVNOj/gIa3f4NvKDTQbuK5wPXHM2nPlrB/IXOJNWtHYfH0ABiWMlMj8hx3Itf87HePUm2ca2DJ/SngabSYmPFXw90QlxsdclXHR2u/.../dKYcTLFdFXTeDckdshuXEJnPeIZiqwqONmHJ6Hgv8mHDyX4&external_id=1425134853616996853&uuid=gZ4FDXMdmrclA2dhejTYczXOnBOEmabLyiUddB3Vqrg76mWg15eKmxMPkXDEY48hKoQyN7sQuxV4axA5w64PKg7Ti2qqgkIdm8h8aHimoWlIdVgNGLC6Xn8Cm5TRdbFmlRNNOIqXvFSNrz7N17nnUIFmBubBjSGVivRvJ05vUN3PqzsX2Mu4aFSMDHcKubCl77vjD5RkHMJrMIrE6mUzo6ozc10kBevEcSbBi3hIeOFzyfkmSr8klNKO6EmF5BVBf0X4qVY8Ygp6AGt6gtnLEECNh7rgHu5ImHDqVWXAmnpPtfjb0W2MRGSD0WMhlF1r0ZQc9iX0YeZyeeAPIhuG4Y0C6BSonJA5SSghQ7Y2AI2ZHIsEYDf3g9VWxyULwjO3liPp

Remove f1fa15.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.