cs16_fnatic.exe

The application cs16_fnatic.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cloclo12.datacloudmail.ru.
MD5: 3594ad6e6225f34bcd65394e3767a378
SHA-1: 28c6b00fd5f046c0e5f9d71d00c1e005dea5cc4f
SHA-256: c7ad57847c59796f71e305a0b53b724b483488008b2d9d8953fda5615d2c8f8c

Scanner detections: 23 / 68
Status: Potentially unwanted
Analysis date: 4/13/2025 5:02:27 PM UTC (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Htool.WGV | 358 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Agent.Wbr.3 | 3.6.1.96 |
| AVG | Skodna.GameHack | 2017.0.2836 |
| Baidu Antivirus | Hacktool.Win32.GameHack | 4.0.3.16211 |
| Bitdefender | Application.Htool.WGV | 1.0.20.210 |
| Clam AntiVirus | Win.Trojan.Htool-7 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.UMal.~A | 21995 |
| ESET NOD32 | Win32/GameHack.KE potentially unsafe | 10.11570 |
| F-Prot | W32/Heuristic-KPP | v6.4.7.1.166 |
| F-Secure | Application.Htool.WGV | 11.2016-11-02_5 |
| G Data | Application.Htool.WGV | 16.2.25 |
| IKARUS anti.virus | Application.Htool | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15791 |
| MicroWorld eScan | Application.Htool.WGV | 17.0.0.126 |
| Norman | Suspicious_Gen2.PSUOH | 11.20160211 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12A31E90!312680080 | 23.00.65.16209 |
| Sophos | Generic PUA CI | 4.98 |
| Total Defense | Win32/Tnega.XAWT!suspicious | 37.1.62.1 |
| Trend Micro House Call | Suspicious_GEN.F47V0227 | 7.2.42 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39928 |
| Zillya! Antivirus | Trojan.CPEX.Win32.15838 | 2.0.0.2165 |

File size: 89.5 KB (91,687 bytes)
File type: Executable application (Win64 EXE)
Common path: C:\users\{user}\downloads\cs16_fnatic.exe

File PE Metadata
OS bitness: Win64
CTPH (ssdeep): 1536:DnKCjp197wseyLq/OtZY126A1sMkLhYAtg0H+le3zUdJQuuB6cY+exyn9O:DKkp1dwsBq/OtM26A1tkzg6+UA+jkE9O

Entry point:
52, 61, 72, 21, 1A, 07, 00, CF, 90, 73, 00, 00, 0D, 00, 00, 00, 00, 00, 00, 00, E6, 47, 7A, 00, 80, 23, 00, 4C, 00, 00, 00, 5C, 00, 00, 00, 02, 31, FA, 15, 66, 00, 00, 00, 00, 1D, 33, 03, 00, 01, 00, 00, 00, 43, 4D, 54, 09, 50, D5, 0B, E4, D3, 2E, 41, E2, AB, 7B, C2, B6, E6, B5, 4D, 0D, A3, 74, 51, 7E, 88, BD, E9, 1F, B4, B5, 4B, 9E, 0F, 08, 10, 32, 49, C9, F2, AF, 19, 56, 78, CE, 1B, 79, 13, 73, A2, 04, CC, 0E, 4A, CA, 89, 0C, 96, 85, C5, BE, 70, FD, 88, 79, AA, 64, F1, 5A, FB, E4, EA, 23, FB, 6C, ED, 54...
 

The file cs16_fnatic.exe has been seen being distributed by the following URL.
