hakercf.exe

The executable hakercf.exe has been detected as malware by 35 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘3329d0b85280df18de57b536be8d7f00’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information.
Version:
0.0.0.0

MD5:
919ff4e461afbcf5e179054a45df0251

SHA-1:
ce4d6d82ba1bca02285b85ef21d3589fbdf1cc9a

SHA-256:
c0cce2ef6e279e3c8fad7abc7b18887cfdb40c087764e6fb067d51623244a381

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/27/2024 12:44:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Generic.MSIL.Bladabindi.6DD3C0C0 | -40 |
| AegisLab AV Signature | Troj.W32.Gen.lu1m | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Bladabi.C1360412 | 3.8.3.16 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4 |
| Arcabit | Generic.MSIL.Bladabindi.6DD3C0C0 | 1.0.0.795 |
| avast! | MSIL:Agent-CIB [Trj] | 2014.9-170315 |
| AVG | MSIL | 2018.0.2438 |
| Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.17315 |
| Bitdefender | Generic.MSIL.Bladabindi.6DD3C0C0 | 1.0.20.370 |
| Clam AntiVirus | Win.Trojan.B-468 | 0.99.211 |
| Comodo Security | TrojWare.MSIL.Spy.Agent.EF | 26635 |
| Dr.Web | BackDoor.Bladabindi.13189 | 9.0.1.074 |
| Emsisoft Anti-Malware | Generic.MSIL.Bladabindi.6DD3C0C0 | 8.17.03.15.09 |
| ESET NOD32 | MSIL/Bladabindi.AH (variant) | 11.14975 |
| Fortinet FortiGate | MSIL/Agent.PPV!tr | 3/15/2017 |
| F-Prot | W32/MSIL_Bladabindi.AS.gen | v6.4.7.1.166 |
| F-Secure | Generic.MSIL.Bladabindi.6DD3C0C0 | 11.2017-15-03_4 |
| G Data | Generic.MSIL.Bladabindi.6DD3C0C0 | 17.3.25 |
| IKARUS anti.virus | Trojan-Spy.HawkEye | 0.2.1.2 |
| K7 AntiVirus | Trojan | 13.10.1.22497 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1315 |
| Malwarebytes | Trojan.MalPack | v2017.03.15.09 |
| McAfee | Trojan-FIGN | 5600.6094 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.13407.0 |
| MicroWorld eScan | Generic.MSIL.Bladabindi.6DD3C0C0 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.DownLoader10.ctopxm | 1.0.70.15190 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Backdoor.Bladabindi.B3 | 3.17.14.00 |
| Rising Antivirus | Malware.Generic.d!tfe (thunder:13:UXZV8jAMooM) | 23.00.65.17313 |
| Sophos | Mal/MSIL-QB | 4.98 |
| SUPERAntiSpyware | Backdoor.Bladabindi/Variant | 8533 |
| Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.74 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.15 |
| VIPRE Antivirus | Trojan.MSIL.Bladabindi.b | 56148 |
| Zillya! Antivirus | Downloader.Agent.Win32.293501 | 2.0.0.3211 |

File size:
43.5 KB (44,544 bytes)

Product version:
0.0.0.0

Original file name:
Stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\hakercf.exe

File PE Metadata
Compilation timestamp:
2/21/2017 10:27:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xB9DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 48, 00, 00, 80, 10, 00, 00, 00, 60, 00, 00, 80, 18, 00, 00, 00, 78, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 7F, 00, 00, A8, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38.5 KB (39,424 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
3329d0b85280df18de57b536be8d7f00

Command:
"C:\users\{user}\appdata\roaming\hakercf.exe"..

