CafeStation.exe

CafeStation of CafeSuite

CafeSuite

The executable CafeStation.exe has been detected as malware by 11 anti-virus scanners. While running, it connects to the Internet address s70.linuxpl.com on port 80 using the HTTP protocol.
Publisher:
CafeSuite

Product:
CafeStation of CafeSuite

Version:
3, 47, 0, 5

MD5:
4c08785f91d5e08b9aa21053e77dcd0b

SHA-1:
db96ecbf309305d37a1ce0538d31377daecf541d

SHA-256:
20f769e78eaaabd59dd732d886dfb4821f6477efbe6f7224bfd0681afd962a64

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/24/2024 1:41:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Suspicious | 7.1.1 |
| Avira AntiVirus | TR/Gendal.A.408 | 7.11.113.164 |
| Comodo Security | Packed.Win32.MFSG.Gen | 17274 |
| F-Prot | W32/Heuristic-210 | v6.4.7.1.166 |
| K7 AntiVirus | Trojan | 13.173.10203 |
| McAfee | Artemis!4C08785F91D5 | 5600.6431 |
| Norman | Packed_FSG.D | 11.20160412 |
| Panda Antivirus | Generic Trojan | 16.04.12.06 |
| Trend Micro House Call | PAK_Generic.002 | 7.2.103 |
| Trend Micro | PAK_Generic.002 | 10.465.12 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23380 |

File size:
3 MB (3,109,381 bytes)

Product version:
3.47e

Copyright:
Copyright © SOFCIK Przemek Miszczuk

Trademarks:
CafeSuite

Original file name:
CafeStation.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cafesuite\cafestation.exe

File PE Metadata
Compilation timestamp:
9/11/1987 8:35:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
49152:4OR+gejEPJI5v4CzhbHQ/1707y+eyF5kzHRWFpCGAlh9RQgO08:4Y3ejm0gY9A1AWrA/IQgM

Entry address:
0x154

Entry point:
4D, 5A, 66, 73, 67, 00, 00, 00, 00, 00, 00, 00, 50, 45, 00, 00, 4C, 01, 02, 00, 46, 53, 47, 21, 00, 00, 00, 00, 00, 00, 00, 00, E0, 00, 0F, 01, 0B, 01, 00, 00, 00, E0, 38, 00, 00, B0, 20, 00, 00, 00, 00, 00, 54, 01, 00, 00, 00, 10, 00, 00, 0C, 00, 00, 00, 00, 00, 40, 00, 00, 10, 00, 00, 00, 02, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, A0, B1, 01, 00, 02, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 00, 00...
Code size:
3.6 MB (3,727,360 bytes)

Windows Firewall Allowed Program
Name:
cafestation of cafesuite


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s70.linuxpl.com (78.46.92.68:80)