Crossfire Accounts giveaway 2016-2017.exe

The executable Crossfire Accounts giveaway 2016-2017.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application.
Version:
0.0.0.0

MD5:
a276b978f227d7b968d5dda815498919

SHA-1:
457b6beefa9c32884cf724ed9974c2c081314c5d

SHA-256:
825724dea8ba3aa7e7c8e4875576ca0dc027caa21b6e779d20a8d9e882c086e2

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/28/2024 12:45:01 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
MSIL:Dropper-Q [Drp]
160518-2

Dr.Web
Trojan.PWS.Siggen.27583
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.MSILKrypt.11
16.07.09

ESET NOD32
MSIL/TrojanDropper.Agent.AST trojan
8.0.319.0

F-Prot
W32/MSIL-Habbo.A!Generic
4.6.5.141

F-Secure
Variant.MSILKrypt.11
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.225.469.0

Norman
Gen:Variant.MSILKrypt.11
28.05.2016 15:32:18

File size:
2.2 MB (2,351,104 bytes)

Product version:
0.0.0.0

Original file name:
Crossfire Accounts giveaway 2016-2017.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\crossfire accounts giveaway 2016-2017.exe

File PE Metadata
Compilation timestamp:
7/7/2016 6:45:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:YInmOtuGIFCd1El6fFOPjBvY0EUxxGAOXT:YInsFCEl6dd0lxxGAO

Entry address:
0x23C84E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6412

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,338,816 bytes)

The file Crossfire Accounts giveaway 2016-2017.exe has been seen being distributed by the following URL.

Remove Crossfire Accounts giveaway 2016-2017.exe - Powered by Reason Core Security