alfaloader.exe

The executable alfaloader.exe has been detected as malware by 33 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s10164.chomikuj.pl.
MD5: d23282ab8845b64f5cf0b213a7b017d4
SHA-1: 56eae2729211c92e472863629d503d43ab45db9d
SHA-256: 52c70aab6d52a3caab3f8b1bf4718d7779dc91129b7e01586feebddc9823f6ba
Scanner detections: 33 / 68
Status: Malware
Analysis date: 2/25/2025 12:37:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.FU.duW@a0R8mZdi | 343 |
| Agnitum Outpost | Trojan.Kryptik | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Xema | 2014.12.28 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.198.70 |
| AVG | SHeur2 | 2017.0.2821 |
| Baidu Antivirus | Trojan.Win32.Orsam | 4.0.3.16226 |
| Bitdefender | Gen:Trojan.Heur.FU.duW@a0R8mZdi | 1.0.20.285 |
| Bkav FE | HW32.Packed | 1.3.0.6267 |
| Comodo Security | UnclassifiedMalware | 20505 |
| Dr.Web | Trojan.Siggen3.4969 | 9.0.1.057 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.FU.duW@a0R8mZdi | 8.16.02.26.08 |
| Fortinet FortiGate | W32/Krap.K!tr | 2/26/2016 |
| F-Prot | W32/MalwareF.ZZZN | v6.4.7.1.166 |
| F-Secure | Gen:Trojan.Heur.FU.duW@a0R8mZdi | 11.2016-26-02_6 |
| G Data | Gen:Trojan.Heur.FU.duW@a0R8mZdi | 16.2.24 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.601 |
| Malwarebytes | Trojan.Orsam.DL | v2016.02.26.08 |
| McAfee | Artemis!D23282AB8845 | 5600.6477 |
| Microsoft Security Essentials | Trojan:Win32/Orsam!rts | 1.11302 |
| MicroWorld eScan | Gen:Trojan.Heur.FU.duW@a0R8mZdi | 17.0.0.171 |
| NANO AntiVirus | Trojan.Win32.XPACK.ebilu | 0.30.0.64448 |
| Norman | Obfuscated_T | 11.20160226 |
| nProtect | Trojan/W32.Agent.51200.MS | 14.12.26.01 |
| Panda Antivirus | Generic Malware | 16.02.26.08 |
| Qihoo 360 Security | HEUR/Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Orsam.r5 | 2.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.11E33697!300103319 | 23.00.65.16224 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1C0DLH14 | 7.2.57 |
| Trend Micro | TROJ_GEN.R0C1C0DLH14 | 10.465.26 |
| Vba32 AntiVirus | Malware-Cryptor.Win32.General.4 | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36146 |
| Zillya! Antivirus | Trojan.Kryptik.Win32.80573 | 2.0.0.2018 |

File size: 50 KB (51,200 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Program Files\alfadiag 3.3\alfaloader.exe

File PE Metadata
Compilation timestamp: 8/31/2009 6:55:12 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 1536:LssSYYqJR+xn699w6Vh8a4FdblIv43dcwF:hgn692BF3Iv43
Entry address: 0x5060
Entry point: E8, 01, 00, 00, 00, 81, E8, 02, 00, 00, 00, 81, 84, E8, 37, 02, 00, 00, 81, 84, E8, 01, 00, 00, 00, 64, E8, 02, 00, 00, 00, E8, 81, E8, CB, 00, 00, 00, C3, 81, 84, 83, C4, 04, 01, 2C, 24, E8, 04, 00, 00, 00, 01, 31, 00, 00, 50, 8B, 85, E1, C1, 40, 00, EB, 01, E8, 80, FA, 75, 76, 0A, 05, 8B, 01, 00, 00, EB, 01, E8, EB, 23, 80, FB, 36, 76, 0A, 05, A0, 01, 00, 00, EB, 01, 68, EB, 14, 80, F9, 80, 76, 0A, 05, 93, 01, 00, 00, EB, 01, E8, EB, 05, 05, 7F, 04, 00, 00, EB, 01, 68, 89, 85, E1, C1, 40, 00, 68, 51, 70...
Code size: 1024 Bytes (1,024 bytes)

The file alfaloader.exe has been seen being distributed by the following URL.
