home

darkcf.exe

TODO: <产品名>

TODO: <公司名>

This is a setup program which is used to install the application. The file has been seen being downloaded from download1724.mediafire.com and multiple other hosts.
Publisher:
TODO: <公司名>

Product:
TODO: <产品名>

Description:
TODO: <文件说明>

Version:
1.0.0.1

MD5:
088bac7f07499f4f2c496eecd8d2a656

SHA-1:
35a0862ebfdfb238328e857779b673da32e53968

SHA-256:
6e9963ef23fdd523abfbe1e7e3a18edfedc49255965bd3cb6c9bebf5f90536c4

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/26/2024 5:08:22 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Packed.Themida suspicious application
8.0.319.0

File size:
2.5 MB (2,605,056 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (C) <公司名>。保留所有权利。

Original file name:
DarkPatch.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

File PE Metadata
Compilation timestamp:
3/29/2016 8:58:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:4rus/MhdgoezmiyK6lZpIAMuRzZOO90pNZj73fLURIJndnd:4CiJSdlZpJM6Yy03ZPfKkn

Entry address:
0x4EC000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 00, 1A, 00, 2D, 8C, AC, AE, 05, 05, 83, AC, AE, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 02, B6, 2F, 44, 68, 45, 08, 12, 7C, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 88, F4, BE, D4, 00, 4F, 90, 97, 46, 58, 07, D5, 79, DC, FE, 21...
 
[+]

Entropy:
7.7366  (probably packed)

Code size:
220 KB (225,280 bytes)

The file darkcf.exe has been seen being distributed by the following 5 URLs.

http://download1724.mediafire.com/fb83h6d768mg/.../DarkCF.exe

http://download1233.mediafire.com/qknq8z6ryudg/.../DarkCF.exe

http://download1233.mediafire.com/95x5416k4nqg/.../DarkCF.exe

http://download951.mediafire.com/7qzu9w4o5t3g/.../DarkCF.exe

http://download1937.mediafire.com/rt9mi2z3nkrg/.../DarkCF(1).exe

Scan darkcf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.