CFPH.exe

Crossfire PH

CFSuperHacks

The executable CFPH.exe has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1698.mediafire.com and multiple other hosts.
Publisher:
CFSuperHacks

Product:
Crossfire PH

Description:
CFPH v7

Version:
7.0.0.0

MD5:
1f40e7ce6dbacd505894130e2b85caec

SHA-1:
d331e5ea51e74e6391db0dcfa513d4794aab6502

SHA-256:
b728e1c2235f74167fe6679e7d8b39e133fd186bcd15713b52d041314530199d

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/26/2024 3:38:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.464805 | 341 |
| Agnitum Outpost | Trojan.PWS.OnLineGames | 7.1.1 |
| Avira AntiVirus | TR/Spy.OnlGame.QG | 8.3.1.6 |
| Arcabit | Trojan.Kazy.D717A5 | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-160228 |
| AVG | PSW.OnlineGames4 | 2017.0.2819 |
| Baidu Antivirus | Trojan.MSIL.OnLineGames | 4.0.3.16228 |
| Bitdefender | Gen:Variant.Kazy.464805 | 1.0.20.295 |
| Comodo Security | UnclassifiedMalware | 22422 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.464805 | 8.16.02.28.02 |
| ESET NOD32 | MSIL/PSW.OnLineGames.QG (variant) | 10.11774 |
| Fortinet FortiGate | MSIL/Agent.OFU!tr | 2/28/2016 |
| F-Secure | Gen:Variant.Kazy.464805 | 11.2016-28-02_1 |
| G Data | Gen:Variant.Kazy.464805 | 16.2.25 |
| IKARUS anti.virus | Trojan.MSIL.PSW | t3scan.1.9.5.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.592 |
| McAfee | Artemis!1F40E7CE6DBA | 5600.6475 |
| MicroWorld eScan | Gen:Variant.Kazy.464805 | 17.0.0.177 |
| Panda Antivirus | Trj/Sharik.B | 16.02.28.02 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0OK814 | 7.2.59 |
| Trend Micro | TROJ_GEN.R047C0OK814 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41056 |
| Zillya! Antivirus | Trojan.OnLineGames.Win32.196923 | 2.0.0.2219 |

File size:
3.4 MB (3,603,968 bytes)

Product version:
7.0.0.0

Copyright:
CFSUPERHACKS © 2014

Original file name:
CFPH.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\cfph.exe

File PE Metadata
Compilation timestamp:
9/11/2014 6:16:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:OYNO3wm3w/ktOt79HuNWdFBWAN/0u8iEqTMGUZfi8XFTDjSRXFTD:n2wm3VtoFuwBtZ0p9Pa8XpfSRXp

Entry address:
0x33102E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8946

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.2 MB (3,338,752 bytes)

The file CFPH.exe has been seen being distributed by the following 3 URLs.

http://download1698.mediafire.com/ap4thjzli1pg/.../CFPH.exe
