» hack de crossfire 2.0.exe
Overview
Analysis
File Details
Downloads (4)

hack de crossfire 2.0.exe

JavaUpdate

Java@Registred

The executable hack de crossfire 2.0.exe has been detected as malware by 38 anti-virus scanners. This is a setup program which is used to install the application. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information. The file has been seen being downloaded from download1511.mediafire.com and multiple other hosts.

File name:

Publisher:

Java@Registred

Product:

JavaUpdate

Description:

JavaUpadate.exe

Version:

7.02.0012

MD5:

444bdd987128f1f6b9247414fd00b9c9

SHA-1:

2647d23b7756b33a387abc343d8504b433c1f571

SHA-256:

72403b0d0982b0fb73a0ff209b535b825517276f73a0b1b090adeb144e8a2bde

Scanner detections:

38 / 68

Status:

Malware

Analysis date:

4/19/2024 11:13:09 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci

224

AegisLab AV Signature

Backdoor.W32.Bifrose.lfjj

2.1.4+

AhnLab V3 Security

Trojan/Win32.VB

2016.04.15

Avira AntiVirus

TR/Dropper.Gen

8.3.3.4

Arcabit

Gen:Backdoor.Heur.Bifrose.E9CAF4

1.0.0.669

avast!

MSIL:Agent-CTT [Trj]

2014.9-160625

AVG

VBCrypt

2017.0.2702

Baidu Antivirus

MSIL.Backdoor.Bladabindi

4.0.3.16625

Bitdefender

Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci

1.0.20.885

Bkav FE

W32.HfsOval

1.3.0.7744

Clam AntiVirus

Win.Trojan.B-468

0.98/21511

Comodo Security

Backdoor.Win32.Agent.CEP13

24805

Dr.Web

Trojan.MulDrop.7451

9.0.1.0177

Emsisoft Anti-Malware

Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci

8.16.06.25.07

ESET NOD32

Win32/TrojanDropper.VB.OOQ

10.13338

Fortinet FortiGate

W32/VB.NMR!tr

6/25/2016

F-Prot

W32/VBTrojan.Dropper.5

v6.4.7.1.166

F-Secure

Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci

11.2016-25-06_7

G Data

Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci

16.6.25

IKARUS anti.virus

Backdoor.Bifrose

t3scan.2.0.9.0

K7 AntiVirus

Trojan

13.221.19308

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.4

Malwarebytes

Backdoor.Agent.DC

v2016.06.25.07

McAfee

Generic Dropper.f

5600.6358

Microsoft Security Essentials

Backdoor:MSIL/Bladabindi.AJ

1.1.12603.0

MicroWorld eScan

Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci

17.0.0.531

NANO AntiVirus

Trojan.Win32.Bifrose.ixsc

1.0.30.7834

Panda Antivirus

Trj/Genetic.gen

16.06.25.07

Qihoo 360 Security

Win32/Backdoor.57c

1.0.0.1120

Quick Heal

Backdoor.Bifrose.EF3

6.16.14.00

Rising Antivirus

PE:Backdoor.MSIL.Bladabindi!1.9E49 [F]

23.00.65.16623

Sophos

Troj/KillAV-FG

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Malagent

9060

Total Defense

Win32/Rebhip.PHEHJAD

37.1.62.1

Trend Micro House Call

BKDR_BLADABI.SMC

7.2.177

Trend Micro

BKDR_BLADABI.SMC

10.465.25

Vba32 AntiVirus

TrojanDropper.VB

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic.pak!cobra

48636

File size:

391.1 KB (400,481 bytes)

Product version:

7.02.0012

www.java.com

Trademarks:

www.java.com

Original file name:

cactus.dll

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\hack de crossfire 2.0.exe

File PE Metadata

Compilation timestamp:

1/18/2014 8:12:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:7PMgdRl7n4blLQU3dRd7n4blLZQ7t/ZTvrydaYjwXj3Zz1u9Bcd+rL7EFdsBK/qc:BRwntRowOdaok0BZAbsiqy/mjQbJX

Entry address:

0x109C

Entry point:

68, F4, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 22, BF, F6, 35, 01, A8, 7D, 4A, A9, D1, 1C, 56, 22, 85, 20, DE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 36, 5C, 50, 52, 4F, 58, 00, 54, 4F, 20, 45, 4D, 20, 00, 00, 00, 00, 07, 00, 00, 00, B4, 15, 40, 00, 07, 00, 00, 00, 58, 15, 40, 00, 56, 42, 35, 21, F0, 1F, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 09, 04, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

4 KB (4,096 bytes)

The file hack de crossfire 2.0.exe has been seen being distributed by the following 4 URLs.

http://download1511.mediafire.com/kksngycmxulg/.../Hack de Crossfire 2.0.exe

http://download1511.mediafire.com/f698t8bu080g/.../Hack de Crossfire 2.0.exe

https://fs09n2.sendspace.com/dl/d7116ef53e381a299197322cbd6f4f79/5770370f2a0f4bb7/.../Hack de Crossfire 2.0.exe

https://fs09n1.sendspace.com/dl/769a0807c75a91dce8fc46762eca42bd/576cb3c51f9bf717/.../Hack de Crossfire 2.0.exe

Remove hack de crossfire 2.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.