fireheart.exe

Fire Heart

Laconic Software

The executable fireheart.exe, “Fire Heart Desktop Gadget”, has been detected as malware by 3 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Fire Heart’.
Publisher:
Laconic Software  (signed and verified)

Product:
Fire Heart

Description:
Fire Heart Desktop Gadget

Version:
2.0.0.231

MD5:
65407f57e21e8e02a360685403b701f3

SHA-1:
988083ec7bd047f5436b9286ef9f739210f18b53

SHA-256:
9f11a17caad63a7036839a27f89117d69ae280a42dca0e2d745f8f0c1b5d1e96

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/24/2024 12:29:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Win32/Floxif | 2013.0.4477 |
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |

File size:
2.1 MB (2,189,551 bytes)

Product version:
1.0.0.0

Copyright:
Laconic Software

Original file name:
fireheart.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
The USERTRUST Network

Valid from:
8/14/2008 6:00:00 AM

Valid to:
8/15/2011 5:59:59 AM

Subject:
CN=Laconic Software, O=Laconic Software, STREET=Moiseeva str. 75/66, L=Voronezh, S=N/A, PostalCode=394055, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00B3E75FF976932794CCC60A76D675022D

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:tRvRKG6k7WTO/8tp3KtHfC7ptJFU7z7oFJTqQ9Rk1rL68ClQk4yzbo/kZ/DJSNr3:tNSpjoH6dtJ+7wnqQ9D8dRy1Z/1Sl

Entry address:
0x1789E4

Entry point:
E9, CD, 55, FC, FF, F0, 53, B8, E4, 85, 57, 00, E8, 63, DD, E8, FF, 8B, 1D, 1C, ED, 57, 00, 8B, 03, E8, 7E, 21, F0, FF, 8B, 03, BA, 60, 8A, 57, 00, E8, 6A, 1D, F0, FF, 8B, 03, C7, 40, 74, 88, 13, 00, 00, A1, C8, ED, 57, 00, 8B, 15, 3C, 48, 57, 00, 89, 10, 8B, 03, 33, D2, E8, 0B, 28, F0, FF, 8B, 03, B2, 01, E8, 02, 28, F0, FF, 8B, 0D, A4, EB, 57, 00, 8B, 03, 8B, 15, 84, 6A, 57, 00, E8, 4F, 21, F0, FF, 8B, 03, E8, C8, 21, F0, FF, 5B, E8, 8A, B7, E8, FF, 00, 00, FF, FF, FF, FF, 0A, 00, 00, 00, 46, 69, 72, 65...
 

Entropy:
6.7470

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.5 MB (1,539,072 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Fire Heart

Command:
C:\softeer\sabuz--software\fireheart.exe

