12_crossfire.exe

Client Application

This is a setup program which is used to install the application. The file has been seen being downloaded from games-portaly.do.am.
Product:
Client Application

Description:
Client MFC Application

Version:
1, 1, 07, 6

MD5:
08bfe4e50eea5cf1cda6e45d6f7ebdd2

SHA-1:
3a7f8f5efd4ef526a464348f5ca22fd035a02339

SHA-256:
5bda9c1141586e9d08f996f863e8ffe3b5e00ff859b3b7a099df38f517dcece5

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/15/2024 4:41:50 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| McAfee | Artemis!08BFE4E50EEA | 5600.6470 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.16303 |
| Trend Micro House Call | Suspicious_GEN.F47V0429 | 7.2.65 |

File size:
1.5 MB (1,585,152 bytes)

Product version:
1, 1, 07, 6

Copyright:
Copyright (C) 1997

Original file name:
Client.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\12_crossfire.exe

File PE Metadata
Compilation timestamp:
2/13/2012 1:42:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:Q18UzYKeNDwsbvITofylFw610iemuwOAUNWRL:XIYK1sDfyYyu9x

Entry address:
0xE7FD3

Entry point:
52, BA, 64, 00, 00, 00, EB, 1B, B9, 00, 10, 00, 00, EB, 05, 03, C1, 03, C3, 49, 0B, C9, 75, F7, 52, 54, 54, FF, 15, 40, 40, 6D, 00, 5A, 4A, 0B, D2, 75, E1, 5A, E9, 00, 40, 34, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 09, 00, 01, 00, 00, 00, 58, 00, 00, 80, 02, 00, 00, 00, E8, 00, 00, 80, 03, 00, 00, 00, 08, 01, 00, 80, 05, 00, 00, 00, 28, 01, 00, 80, 06, 00, 00, 00, 60, 01, 00, 80, 0C, 00, 00, 00, D8, 01, 00, 80, 0E, 00, 00, 00, 60, 02, 00, 80, 10, 00, 00, 00, 78, 02, 00, 80, 18, 00, 00...
 

Code size:
2.3 MB (2,412,544 bytes)

The file 12_crossfire.exe has been discovered within the following program.

Cross Fire  by Mail.Ru
CrossFire is a first-person shooter that features two Mercenary corporations fighting each other in an epic global conflict.
cfire.mail.ru
20% remove it
 

The file 12_crossfire.exe has been seen being distributed by the following URL.
