findawf.exe

noahdfear

The executable findawf.exe, described as “A Search and Replace tool”, has been detected as malware by 7 of 68 anti-virus scanners. The file has been seen being downloaded from noahdfear.geekstogo.com.
Publisher:
noahdfear

Description:
A Search and Replace tool

Version:
1.40.1.0

MD5:
aef26d766dbb0a63efcb65fa625b3d45

SHA-1:
e0572537ffca47881729573049d57d1b1c268119

SHA-256:
53856017c98c85f4e2ebea401c6103c29246fb48f28dce04fe4cdb08e36ba2b7

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/27/2024 6:49:19 AM UTC

Detections by scan engine (detection name, engine version):

AVG: Win32/DH (engine version 2016.0.2914)
Baidu Antivirus: Hacktool.Win32.PrcView (engine version 4.0.3.151125)
ESET NOD32: Win32/PrcView potentially unsafe (engine version 9.11635)
F-Prot: W32/Trojan2.OMTX (engine version v6.4.7.1.166)
K7 AntiVirus: Trojan (engine version 13.203.15931)
McAfee: Artemis!AEF26D766DBB (engine version 5600.6570)
VIPRE Antivirus: Trojan.Win32.Generic (engine version 40278)

File size:
185.3 KB (189,750 bytes)

Product version:
0.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\findawf.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
3072:WPQpbKAIiuB+ZLtHC5q/nsLkce2gpoZskMX2jGCPGd2RyfI1QPOr2DIcO8Iqiyzn:WPhImEUgek2jGCeAU28I962Qh

Entry address:
0x18E94

Entry point:
55, 8B, EC, B9, 09, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, A1, E0, B5, 41, 00, C6, 00, 01, B8, C4, 8D, 41, 00, E8, DB, D0, FE, FF, 33, C0, 55, 68, 56, 93, 41, 00, 64, FF, 30, 64, 89, 20, 33, C9, B2, 01, A1, 38, 6E, 41, 00, E8, 0F, E1, FF, FF, A3, EC, E8, 41, 00, A1, EC, E8, 41, 00, C6, 40, 30, 01, A1, EC, E8, 41, 00, C6, 40, 31, 01, A1, EC, E8, 41, 00, 83, C0, 32, BA, 70, 93, 41, 00, E8, CA, B3, FE, FF, B2, 01, A1, 18, 0C, 41, 00, E8, 06, A6, FE, FF, A3, F4, E8, 41, 00, B2, 01, A1, 18, 0C...

Entropy:
6.7984

Developed / compiled with:
Microsoft Visual C++

Code size:
97 KB (99,328 bytes)

The file findawf.exe has been seen being distributed by the following URL.
