grsfnv.exe

Track

BreakPoint Software, Inc.

The executable grsfnv.exe has been detected as malware by 20 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting), under the name ‘grsfnv’.
Publisher:
CSoft Technologies Inc.  (signed by BreakPoint Software, Inc.)

Product:
Track

Version:
6.05.0004

MD5:
4571727e331f72e3937031a0df09c9a4

SHA-1:
57eb0ce2702eb52c4d8ca7b228e52c0be904b37b

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
7/7/2025 8:30:53 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2959716 | 303
Avira AntiVirus | TR/Dropper.VB.45260 | 8.3.2.4
Arcabit | Trojan.Generic.D2D2964 | 1.0.0.642
avast! | Win32:Malware-gen | 2014.9-160406
AVG | Agent5 | 2017.0.2781
Bitdefender | Trojan.GenericKD.2959716 | 1.0.20.485
Emsisoft Anti-Malware | Trojan.GenericKD.2959716 | 8.16.04.06.03
ESET NOD32 | Win32/Agent.WNI | 10.12825
Fortinet FortiGate | W32/Injector.CPFI!tr | 4/6/2016
F-Secure | Trojan.GenericKD.2959716 | 11.2016-06-04_4
G Data | Trojan.GenericKD.2959716 | 16.4.25
K7 AntiVirus | Trojan | 13.212.18331
McAfee | Artemis!4571727E331F | 5600.6437
Microsoft Security Essentials | Trojan:Win32/Enchanim | 1.1.12400.0
MicroWorld eScan | Trojan.GenericKD.2959716 | 17.0.0.291
nProtect | Trojan.GenericKD.2959716 | 16.01.05.01
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R00XC0DA416 | 10.465.06
VIPRE Antivirus | Trojan.Win32.Generic | 46298

File size:
189.6 KB (194,176 bytes)

Product version:
6.05.0004

Original file name:
Track.exe

File type:
Executable application (Win32 EXE)

Language:
Japanese

Common path:
C:\documents and settings\all users\grsfnv.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/17/2013 2:00:00 AM

Valid to:
10/18/2015 1:59:59 AM

Subject:
CN="BreakPoint Software, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="BreakPoint Software, Inc.", L=Wayland, S=Massachusetts, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0AC3CF34686D1BFF5FC6519BD737B0C5

File PE Metadata
Compilation timestamp:
12/30/2015 8:31:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:EdGcDJiaaNhXLXs1d/uvvhljbhZjtC5EHuT8w+Vj1D+36jE02m0epv+1+xrbNXcY:lcDbshjsOnDbv+1qNXDZDsXv+1X

Entry address:
0x120C

Entry point:
68, E0, 5C, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, FD, 7A, 24, 77, B0, 6C, 35, 41, 88, 13, 07, 7F, 97, 98, E5, 18, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 65, 69, 63, 68, 65, 6E, 62, 65, 73, 69, 63, 68, 74, 69, 67, 75, 6E, 67, 65, 6E, 32, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 13, 5B, 2B, 83, 59, A2, 5D, 66, 40, B2, C4, 3C, B4, 96, C7, 84, C9, 53, 7E, 53, 18, AA, 52, 6C, 48, 91, EA, 6B, B5, 3A, 98, 15, 69, 3A, 4F, AD...
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
152 KB (155,648 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
grsfnv

Command:
C:\documents and settings\all users\grsfnv.exe
