flux.exe

f.lux

Michael Herf

The executable flux.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘f.lux’.
Publisher:
Flux Software LLC  (signed by Michael Herf)

Product:
f.lux

Version:
3, 10, 0, 1

MD5:
5603ab6639a6fbb8466688c761b88d38

SHA-1:
ebeb3eaeb06c9a7388234cb9fae3323aaa6b6e1e

SHA-256:
1f182113cb3b8d825e845b29581bc3ea24f07e165200be70d6281de62e5fa191

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/23/2024 10:57:02 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.154

File size:
1 MB (1,095,503 bytes)

Product version:
3, 10, 0, 1

Copyright:
Copyright © 2008-2014 Flux Software LLC

Trademarks:
f.lux (R)

Original file name:
flux.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/3/2012 5:00:00 PM

Valid to:
5/4/2014 4:59:59 PM

Subject:
CN=Michael Herf, O=Michael Herf, STREET=929 S. Gretna Green Way, L=Los Angeles, S=CA, PostalCode=90049, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F44D90F5015B431315399BB0349396EC

File PE Metadata
Compilation timestamp:
10/23/2013 3:39:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:opCmWOhYF4looeM4ZIl5hEo60JTxKSVnl+RMdt5fkrEH7i:Qhs5d+txhMOW

Entry address:
0x5F0B2

Entry point:
E9, E7, 83, FA, FF, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, FF, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FD, 6E, 00, 00, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 56, 8B, 75, 08, 3B, CB, 74, 21, 3B, F3, 75, 1D, E8, D0, 10, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CE, 6E, 00, 00, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, C8, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7...
 
[+]

Entropy:
6.8533

Packer / compiler:
Xtreme-Protector v1.05

Code size:
488 KB (499,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
f.lux

Command:
"C:\users\{user}\appdata\local\fluxsoftware\flux\flux.exe" \noshow


Remove flux.exe - Powered by Reason Core Security