080514_f3.exe

The executable 080514_f3.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.wikizu.net and multiple other hosts.
MD5:
20448939fe4f5679eacf2ff4c18e56d3

SHA-1:
453af633b0875f62510c2dd2dd5831f6d0d0f13f

SHA-256:
6fcab1e59f8773c140dec43aa68f36ad619d20974241b62c029cff6fd2aa71ec

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/4/2024 8:04:26 AM UTC

Scan engine               Detection                     Engine version
Lavasoft Ad-Aware         Gen:Variant.Graftor.153165    858
Bitdefender               Gen:Variant.Graftor.153165    1.0.20.1360
Emsisoft Anti-Malware     Gen:Variant.Graftor.153165    8.14.09.29.01
F-Secure                  Gen:Variant.Graftor.153165    11.2014-29-09_2
G Data                    Gen:Variant.Graftor.153165    14.9.24
IKARUS anti.virus         Win32.SuspectCrc              t3scan.1.7.5.0
MicroWorld eScan          Gen:Variant.Graftor.153165    15.0.0.816
Reason Heuristics         Threat.Win.Reputation.IMP     14.9.29.13
Trend Micro House Call    TROJ_GEN.R0C1H09HT14          7.2.272

File size:
56.5 KB (57,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\080514_f3.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
768:RudqsVszDBICw3raCEJo1Inmvu1sK6YEvccr1G54V6+OQI+VEQ5bT+D1MpXXqIEz:EdqsVs7JfIc21xgoFEQ5bT+DMnXEeTe

Entry address:
0xC440

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, C3, 40, 00, E8, 00, 85, FF, FF, 68, 7C, C4, 40, 00, 6A, 00, 6A, 00, 6A, 00, 33, C9, BA, 94, C4, 40, 00, B8, C8, C4, 40, 00, E8, 68, B9, FF, FF, E8, 3F, 75, FF, FF, 00, 00, 00, FF, FF, FF, FF, 0C, 00, 00, 00, 4F, 72, 6D, 4C, 66, 68, 67, 72, 2B, 43, 2C, 79, 00, 00, 00, 00, FF, FF, FF, FF, 29, 00, 00, 00, 61, 2D, 31, 32, 31, 2C, 33, 2B, 57, 56, 2D, 34, 32, 2B, 56, 2C, 6F, 61, 7A, 6C, 6C, 60, 60, 2D, 33, 2C, 6C, 2D, 33, 2C, 70, 2B, 56, 2C, 6A, 63, 64, 2E, 44, 2D, 3E, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
45.5 KB (46,592 bytes)

The file 080514_f3.exe has been seen being distributed by the following 2 URLs.
