crossfire_na.exe

Crossfire DLM NA

Smilegate - Z8 Games

The executable crossfire_na.exe has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from cross-fire.ar.softonic.com.
Publisher:
Smilegate - Z8 Games

Product:
Crossfire DLM NA

Version:
3.6.8.1

MD5:
ccf885aa25512b73fe0ef5c8a76afca6

SHA-1:
51b05daccf78dc0892bf729e73af49c4c3d5df86

SHA-256:
ac2c881e24fc4ab6ddf8f222cdf3219c12981d6fd0aa6ced1016bece898be8d6

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/27/2024 4:47:49 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Agent-AIXK
160518-2

AVG
Win32/Agent.AS
2015.0.4604

Dr.Web
Win32.Cave
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sagev
11.5.0.6191

ESET NOD32
Win32/Delf.NAP virus
8.0.319.0

F-Prot
W32/Trojan2.GKMR
4.6.5.141

F-Secure
Win32.Sagev.A
5.15.96

McAfee
Virus.W32/Caveduck.a
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.2652.0

Norman
Win32.Sagev.A
28.05.2016 15:32:18

File size:
2.4 MB (2,553,406 bytes)

Product version:
3.6.8.1

Copyright:
Copyright © 2016

Original file name:
host.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\crossfire_na.exe

File PE Metadata
Compilation timestamp:
9/4/2015 4:35:26 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:0895kQuYTX79gSfkc2//OKC5HnEeSjy9KpDiXNvj0Dsp0D:D95kr0X76yrtnEQKpDiXNvj0sp0

Entry address:
0x7B27D

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.3049

Code size:
489 KB (500,736 bytes)

The file crossfire_na.exe has been seen being distributed by the following URL.

Remove crossfire_na.exe - Powered by Reason Core Security