flux.exe

f.lux

Michael Herf

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘f.lux’.
Publisher:
Flux Software LLC  (signed by Michael Herf)

Product:
f.lux

Version:
3, 10, 0, 1

MD5:
ce08e531c0fb0429f23960ed3c7a957d

SHA-1:
7790c338e61198db79464dd326a017d866b21f15

SHA-256:
fdeb591108287d2f70c4b2c344cbb437f5095cc49625869c3d98ff30615a202f

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 10:50:22 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

File size:
1 MB (1,095,503 bytes)

Product version:
3, 10, 0, 1

Copyright:
Copyright © 2008-2014 Flux Software LLC

Trademarks:
f.lux (R)

Original file name:
flux.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/4/2012 8:00:00 AM

Valid to:
5/5/2014 7:59:59 AM

Subject:
CN=Michael Herf, O=Michael Herf, STREET=929 S. Gretna Green Way, L=Los Angeles, S=CA, PostalCode=90049, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F44D90F5015B431315399BB0349396EC

File PE Metadata
Compilation timestamp:
10/24/2013 6:39:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:opCmJDOhYF4looe24ZIl5hEoN0JTxKSVnl+RMdt5fkrEH7R:QasXdxtxhMOd

Entry address:
0x5F0B2

Entry point:
E9, 58, 04, FD, FF, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, FF, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FD, 6E, 00, 00, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 56, 8B, 75, 08, 3B, CB, 74, 21, 3B, F3, 75, 1D, E8, D0, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CE, 6E, 00, 00, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, C8, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7...
 
[+]

Entropy:
6.8515

Packer / compiler:
Xtreme-Protector v1.05

Code size:
488 KB (499,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
f.lux

Command:
"C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe" \noshow


Scan flux.exe - Powered by Reason Core Security