dfx.exe

Power Technology

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DFX’. This file is installed with the program DFX. The file has been seen being downloaded from download641.mediafire.com and multiple other hosts.
Publisher:
Power Technology  (signed and verified)

MD5:
e4008fe5c4d2af022f7c35e10a301650

SHA-1:
7194b2552d59227ba59b6ef0c0991c6764af9ec0

SHA-256:
b7b8bd97a326bb4881424d2bd1d503c54d17a6bb098010962f014f2fb13e1eb7

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/5/2024 2:30:59 AM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0627

Engine version:
7.2.355

File size:
1.2 MB (1,274,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\dfx\dfx.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/24/2013 7:00:00 AM

Valid to:
4/25/2018 6:59:59 AM

Subject:
CN=Power Technology, O=Power Technology, STREET=100 North Hill Dr, STREET=Unit 24, L=Brisbane, S=CA, PostalCode=94005, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1953BFF7773C9644F9AA285A2E2A49AF

File PE Metadata
Compilation timestamp:
6/19/2013 4:51:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:DxxjEMsVcZjSHF4g3H+uF/4MinRZuzpb1HpjxXpxGrEpCrUAP+jhvw6+vDXDXXZY:DzM3+KTi7Pgw5vDXDXpiY7noO3YYNG

Entry address:
0x54BB7

Entry point:
E8, 2A, 56, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 9B, 1A, 00, 00, 8B, FF, 56, 6A, 01, 68, 50, 21, 50, 00, 8B, F1, E8, F2, 56, 00, 00, C7, 06, E8, 6E, 4E, 00, 8B, C6, 5E, C3, C7, 01, E8, 6E, 4E, 00, E9, 57, 57, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E8, 6E, 4E, 00, E8, 44, 57, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B0, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, C3, 56, 00, 00, C7, 06, E8, 6E, 4E, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B...
 

Entropy:
6.5237

Code size:
848 KB (868,352 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DFX

Command:
C:\Program Files\dfx\dfx.exe -startup


The file dfx.exe has been discovered within the following programs.

DFX  by Power Technology
Publisher's description - “DFX Audio Enhancer brings better sound to all of your music, videos, Internet radio, games, video chats, and other programs. New DFX 11 now enhances all PC audio playback, providing system-wide HD quality sound for all your entertainment.”
www.fxsound.com
24% remove it
 

The file dfx.exe has been seen being distributed by the following 5 URLs.

http://download641.mediafire.com/76rntbol5osg/.../DFX.exe

http://download1245.mediafire.com/bnyc8h5c8kvg/.../DFX.exe
