home

hack para crossfire 2.0 28-06-2016 atualizado.exe

The executable hack para crossfire 2.0 28-06-2016 atualizado.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘5187dde00ff023b497d88177359683d6’. The file has been seen being downloaded from fs11n2.sendspace.com.
MD5:
755a1b22a26d02a9c6cb054fe71a4229

SHA-1:
7661b4a142bef1dce368a060a06e17973882e17e

SHA-256:
69758dff7d8c8d603543c11177036af8c9c01a36397f03ec7d89aba953257964

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/30/2024 12:07:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Trojan.Rootkit (H)
16.6.29.11

File size:
22.5 KB (23,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hack para crossfire 2.0 28-06-2016 atualizado.exe

File PE Metadata
Compilation timestamp:
6/28/2016 7:39:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:F/slUlEvOEJ8xWwYJOMiOBZEdj156Igtwi5HhbQmRvR6JZlbw8hqIusZzZ42f:FgeEvwIlLRRpcnuE

Entry address:
0x747E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
5187dde00ff023b497d88177359683d6

Command:
"C:\users\{user}\appdata\local\temp\svchost.exe"..


The file hack para crossfire 2.0 28-06-2016 atualizado.exe has been seen being distributed by the following URL.

https://fs11n2.sendspace.com/dl/b09964a86ccc89d07b5b34d94c0ddac7/578bc75f304cc5dd/.../Hack para CrossFire 2.0 28-06-2016 ATUALIZADO.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.