flux.exe

f.lux

Michael Herf

The executable flux.exe has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘f.lux’.
Publisher:
Flux Software LLC  (signed by Michael Herf)

Product:
f.lux

Version:
3, 10, 0, 1

MD5:
844ca1cc35bddfab7afa5ad750a5ca8e

SHA-1:
17726e80d49871e34290ceaa7d2e0427eaa35d1e

SHA-256:
0ddb5ac5249c69769024691dfa6c654ed66dc195e9ba6d7280471cd33449993e

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/23/2024 11:06:12 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.154

Microsoft Security Essentials
TrojanDropper:Win32/Floxif.A
1.231.2065.0

File size:
1 MB (1,099,605 bytes)

Product version:
3, 10, 0, 1

Copyright:
Copyright © 2008-2014 Flux Software LLC

Trademarks:
f.lux (R)

Original file name:
flux.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/4/2012 1:00:00 AM

Valid to:
5/5/2014 12:59:59 AM

Subject:
CN=Michael Herf, O=Michael Herf, STREET=929 S. Gretna Green Way, L=Los Angeles, S=CA, PostalCode=90049, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F44D90F5015B431315399BB0349396EC

File PE Metadata
Compilation timestamp:
10/23/2013 11:39:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:opCmJDOhYF4looeM4ZIl5hEoJ0JNxKSVnl+RMdt5flaB:Qas5ddbxhMOte

Entry address:
0x5F0B2

Entry point:
E9, 15, 5C, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, FF, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FD, 6E, 00, 00, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 56, 8B, 75, 08, 3B, CB, 74, 21, 3B, F3, 75, 1D, E8, D0, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CE, 6E, 00, 00, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, C8, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7...
 
[+]

Entropy:
6.8557

Packer / compiler:
Xtreme-Protector v1.05

Code size:
488 KB (499,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
f.lux

Command:
"C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe" \noshow


Remove flux.exe - Powered by Reason Core Security