flux.exe

f.lux

Michael Herf

The executable flux.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘f.lux’.
Publisher:
Flux Software LLC  (signed by Michael Herf)

Product:
f.lux

Version:
3, 10, 0, 1

MD5:
c82d0d020447930f0f00dd106456d53a

SHA-1:
5a4fddb2af9e1389edb6228f84c060693067ee17

SHA-256:
b6878f3ab8d6c69bfb56c80b23c2cf356b0fa261ff8e5946d63b746aea891212

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/27/2024 2:38:39 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.154

File size:
1 MB (1,095,503 bytes)

Product version:
3, 10, 0, 1

Copyright:
Copyright © 2008-2014 Flux Software LLC

Trademarks:
f.lux (R)

Original file name:
flux.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/4/2012 6:00:00 AM

Valid to:
5/5/2014 5:59:59 AM

Subject:
CN=Michael Herf, O=Michael Herf, STREET=929 S. Gretna Green Way, L=Los Angeles, S=CA, PostalCode=90049, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F44D90F5015B431315399BB0349396EC

File PE Metadata
Compilation timestamp:
10/24/2013 4:39:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:opCmJDOhYF4looeM4ZIl5MEo60JTxKSVnl+RMdt5fkrEH7/:Qas5yCtxhMO7

Entry address:
0x5F0B2

Entry point:
E9, 1C, 9A, FE, FF, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, FF, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FD, 6E, 00, 00, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 56, 8B, 75, 08, 3B, CB, 74, 21, 3B, F3, 75, 1D, E8, D0, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CE, 6E, 00, 00, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, C8, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7...
 
[+]

Entropy:
6.8519

Packer / compiler:
Xtreme-Protector v1.05

Code size:
488 KB (499,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
f.lux

Command:
"C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe" \noshow


Remove flux.exe - Powered by Reason Core Security