home

cf1.exe

RL Hackers

This is a setup program which is used to install the application. The file has been seen being downloaded from engenhariatm.com.
Publisher:
RL Hackers

Product:
RL Hackers

Version:
2.0.0.0

MD5:
e5d221a64d2fd610a56e34e9c28ce328

SHA-1:
dec60cdfd2d1acaa06d4b8924b60920a8cd4a515

SHA-256:
6398613ff8191a7f8856cedf4e2491b106ec0de2f559e69cee7b46c48628c8d9

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/16/2024 12:26:57 AM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Gen:Variant.Kazy.601782
10.0.0.5366

ESET NOD32
MSIL/DllInject.DV potentially unsafe application
7.0.302.0

File size:
1003.5 KB (1,027,584 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 2011-2015

Original file name:
cf1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\cf1.exe

File PE Metadata
Compilation timestamp:
11/26/2015 8:26:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:PSTYCOckN50U00URUBySHNendNUBySHNend:sYGkN5b0biRauRa

Entry address:
0xA1A7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
639 KB (654,336 bytes)

The file cf1.exe has been seen being distributed by the following URL.

http://engenhariatm.com/loader/.../cf1.exe

Scan cf1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.