f1fa15.exe

The application f1fa15.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. The file has been seen being downloaded from ofs.ezdownloadpro.info a web site host known to distribute potentially unwanted software operated by Rafael Leviev.
MD5:
1c4e675b94d733f6cf290c92ec08b338

SHA-1:
72e4778cae615d63da10522c657d24a4e2871e78

SHA-256:
8b087ee04586d69dc6489aa189b95a1d5b7502a6a554e062da10a2d4f89101c0

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:07:11 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.MPLug.35
5650986

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.04.21

Avira AntiVirus
ADWARE/MultiPlug.Gen
3.6.1.96

avast!
Win32:MultiPlug-WR [PUP]
150319-1

AVG
Adware Generic6.SJL
2014.0.4311

Bitdefender
Gen:Variant.Adware.MPLug.35
1.0.20.555

Comodo Security
Application.Win32.AdWare.MultiPlug.VA
21841

Dr.Web
Trojan.WebPick.5754
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.MPLug.35
9.0.0.4799

ESET NOD32
Win32/Adware.MultiPlug.FC application
7.0.302.0

Fortinet FortiGate
Riskware/Badur
4/21/2015

F-Prot
W32/MultiPlug.H.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.MPLug
5.13.68

G Data
Gen:Variant.Adware.MPLug.35
15.4.25

K7 AntiVirus
Unwanted-Program
13.202.15654

Malwarebytes
PUP.Optional.Unizeto
v2015.04.21.05

McAfee
Program.MultiPlug-FWG
16.8.708.2

MicroWorld eScan
Gen:Variant.Adware.MPLug.35
16.0.0.333

NANO AntiVirus
Riskware.Win32.MultiPlug.doojsc
0.30.20.1219

Panda Antivirus
Generic Suspicious
15.04.21.05

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.21.1

Rising Antivirus
PE:AdWare.Win32.MultiPlug.s!1075356738
23.00.65.15419

Sophos
MultiPlug
4.98

Vba32 AntiVirus
SScope.Adware.MultiPlug
3.12.26.3

VIPRE Antivirus
Threat.5085665
39354

File size:
1 MB (1,058,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\f1fa15.exe

File PE Metadata
Compilation timestamp:
4/20/2013 2:21:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:S8AhKVQyPDTS45cPbwh7d8mdxys1I55kVZ:S81qyP35GbFMxyBYV

Entry address:
0xDB5B2

Entry point:
E8, DF, 14, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, DF, 4E, 00, E8, E8, 19, 00, 00, E8, AC, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 72, 14, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E8, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.3725

Code size:
896 KB (917,504 bytes)

The file f1fa15.exe has been seen being distributed by the following URL.

Remove f1fa15.exe - Powered by Reason Core Security