» crossfire_sa.exe
Overview
Analysis
File Details
Downloads (10)

crossfire_sa.exe

Reloaded Games, Inc

This is a setup program which is used to install the application. The file has been seen being downloaded from br.cfpatch.z8games.com and multiple other hosts.

File name:

crossfire_sa.exe

Publisher:

Reloaded Games, Inc (signed and verified)

MD5:

d4753c84cf8d80bed293583ee771c29e

SHA-1:

a5d001a59a64345da069407c2368a2ed1610ed9a

SHA-256:

d3d03632ef7687280b579283acc3153680f464b1585bc30a669c01f3000bdd6e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

1/13/2025 8:17:00 AM UTC (today)

File size:

2.4 MB (2,523,688 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\crossfire_sa.exe

Digital Signature

Signed by:

Reloaded Games, Inc

Authority:

DigiCert Inc

Valid from:

7/1/2013 9:00:00 PM

Valid to:

1/28/2015 10:00:00 AM

Subject:

CN="Reloaded Games, Inc", O="Reloaded Games, Inc", L=Irvine, S=California, C=US, PostalCode=92618, STREET=6440 Oak Canyon, STREET=Suite 200, SERIALNUMBER=C3427122, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0D060FC0B8AD898246D8F9D76861CBB8

File PE Metadata

Compilation timestamp:

12/2/2013 11:21:01 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:SRU/FdSqCDJoT52MXt5vgF5nQ8FR463kYnCTrYq8yuVwou1nofx:f8R46nMCu1A

Entry address:

0xF3FC3

Entry point:

E8, F8, 0A, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 15, 5E, 00, E8, E7, D2, 00, 00, E8, 93, 8F, 00, 00, 0F, B7, F0, 6A, 02, E8, 8B, 0A, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 7F, D4, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

1.5 MB (1,580,032 bytes)

The file crossfire_sa.exe has been seen being distributed by the following 10 URLs.

http://br.cfpatch.z8games.com/.../CrossFireBR_Setup.exe

http://us.media.z8games.com/core/.../interaction.php?ct=1&bannerid=71

http://www.2016delivery31.com/c?x=jwqAFojXNOh5dGt0RYTc /eH2CkwRYoQR5wlgq0yJmI=&c=FD00rPDH4U52tyO/N/pDyrXgj35QVvX6RP7ebFlPtOfpf8yBVnzCd97JaNE Av07YwPH85vLGxKmMObIRHHS3hJLSge4AQ0/5L6H/sreQgJ4gjXOzXL2YGiRCefakEaYwnTWc15QuSFuYbU zFOHp7qoBRP 1WsVyRWOLE9PtU=&e=0&downloadAs=minecraft.exe&fallback_url=http://minecraft.pt.downloadastro.com/.../?utm_source=ira&utm_medium=error_generating&utm_campaign=minecraft

http://fileshare1300.depositfiles.org/auth-14536396932afa76c544f8c15fedb699-177.9.14.153-2444606876-165403282-guest/.../GTA-SA.exe

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../cross-fire-32-41-4102702.exe

https://www.4shared.com/downloadDesktop

temp:Crossfire_SA.exe

https://mega.co.nz/temporary/.../jAdjQSQY

http://us.media.z8games.com/core/.../interaction.php?bannerid=71

http://br.cfpatch.z8games.com/.../Crossfire_SA.exe

Scan crossfire_sa.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.