» CafeStation.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

CafeStation.exe

CafeStation of CafeSuite

CafeSuite

The executable CafeStation.exe has been detected as malware by 11 anti-virus scanners. While running, it connects to the Internet address s70.linuxpl.com on port 80 using the HTTP protocol.

File name:

CafeStation.exe

Publisher:

CafeSuite

Product:

CafeStation of CafeSuite

Version:

3, 47, 0, 5

MD5:

4c08785f91d5e08b9aa21053e77dcd0b

SHA-1:

db96ecbf309305d37a1ce0538d31377daecf541d

SHA-256:

20f769e78eaaabd59dd732d886dfb4821f6477efbe6f7224bfd0681afd962a64

Scanner detections:

11 / 68

Status:

Malware

Analysis date:

11/24/2024 1:41:09 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Suspicious

7.1.1

Avira AntiVirus

TR/Gendal.A.408

7.11.113.164

Comodo Security

Packed.Win32.MFSG.Gen

17274

F-Prot

W32/Heuristic-210

v6.4.7.1.166

K7 AntiVirus

Trojan

13.173.10203

McAfee

Artemis!4C08785F91D5

5600.6431

Norman

Packed_FSG.D

11.20160412

Panda Antivirus

Generic Trojan

16.04.12.06

Trend Micro House Call

PAK_Generic.002

7.2.103

Trend Micro

PAK_Generic.002

10.465.12

VIPRE Antivirus

Trojan.Win32.Generic

23380

File size:

3 MB (3,109,381 bytes)

Product version:

3.47e

Trademarks:

CafeSuite

Original file name:

CafeStation.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\cafesuite\cafestation.exe

File PE Metadata

Compilation timestamp:

9/11/1987 8:35:02 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

CTPH (ssdeep):

49152:4OR+gejEPJI5v4CzhbHQ/1707y+eyF5kzHRWFpCGAlh9RQgO08:4Y3ejm0gY9A1AWrA/IQgM

Entry address:

0x154

Entry point:

4D, 5A, 66, 73, 67, 00, 00, 00, 00, 00, 00, 00, 50, 45, 00, 00, 4C, 01, 02, 00, 46, 53, 47, 21, 00, 00, 00, 00, 00, 00, 00, 00, E0, 00, 0F, 01, 0B, 01, 00, 00, 00, E0, 38, 00, 00, B0, 20, 00, 00, 00, 00, 00, 54, 01, 00, 00, 00, 10, 00, 00, 0C, 00, 00, 00, 00, 00, 40, 00, 00, 10, 00, 00, 00, 02, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, A0, B1, 01, 00, 02, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

3.6 MB (3,727,360 bytes)

Windows Firewall Allowed Program

Name:

cafestation of cafesuite

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to s70.linuxpl.com (78.46.92.68:80)

Remove CafeStation.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.