hack de crossfire 2.0.exe

JavaUpdate

Java@Registred

The executable hack de crossfire 2.0.exe has been detected as malware by 38 anti-virus scanners. It is a setup program used to install the application. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information. The file has been seen being downloaded from download1511.mediafire.com and multiple other hosts.
Publisher:
Java@Registred

Product:
JavaUpdate

Description:
JavaUpadate.exe

Version:
7.02.0012

MD5:
444bdd987128f1f6b9247414fd00b9c9

SHA-1:
2647d23b7756b33a387abc343d8504b433c1f571

SHA-256:
72403b0d0982b0fb73a0ff209b535b825517276f73a0b1b090adeb144e8a2bde

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
12/27/2024 6:38:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci | 224 |
| AegisLab AV Signature | Backdoor.W32.Bifrose.lfjj | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.VB | 2016.04.15 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4 |
| Arcabit | Gen:Backdoor.Heur.Bifrose.E9CAF4 | 1.0.0.669 |
| avast! | MSIL:Agent-CTT [Trj] | 2014.9-160625 |
| AVG | VBCrypt | 2017.0.2702 |
| Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.16625 |
| Bitdefender | Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci | 1.0.20.885 |
| Bkav FE | W32.HfsOval | 1.3.0.7744 |
| Clam AntiVirus | Win.Trojan.B-468 | 0.98/21511 |
| Comodo Security | Backdoor.Win32.Agent.CEP13 | 24805 |
| Dr.Web | Trojan.MulDrop.7451 | 9.0.1.0177 |
| Emsisoft Anti-Malware | Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci | 8.16.06.25.07 |
| ESET NOD32 | Win32/TrojanDropper.VB.OOQ | 10.13338 |
| Fortinet FortiGate | W32/VB.NMR!tr | 6/25/2016 |
| F-Prot | W32/VBTrojan.Dropper.5 | v6.4.7.1.166 |
| F-Secure | Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci | 11.2016-25-06_7 |
| G Data | Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci | 16.6.25 |
| IKARUS anti.virus | Backdoor.Bifrose | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.221.19308 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.4 |
| Malwarebytes | Backdoor.Agent.DC | v2016.06.25.07 |
| McAfee | Generic Dropper.f | 5600.6358 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.12603.0 |
| MicroWorld eScan | Gen:Backdoor.Heur.Bifrose.ym3@c08gN5ci | 17.0.0.531 |
| NANO AntiVirus | Trojan.Win32.Bifrose.ixsc | 1.0.30.7834 |
| Panda Antivirus | Trj/Genetic.gen | 16.06.25.07 |
| Qihoo 360 Security | Win32/Backdoor.57c | 1.0.0.1120 |
| Quick Heal | Backdoor.Bifrose.EF3 | 6.16.14.00 |
| Rising Antivirus | PE:Backdoor.MSIL.Bladabindi!1.9E49 [F] | 23.00.65.16623 |
| Sophos | Troj/KillAV-FG | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Malagent | 9060 |
| Total Defense | Win32/Rebhip.PHEHJAD | 37.1.62.1 |
| Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.177 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.25 |
| Vba32 AntiVirus | TrojanDropper.VB | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 48636 |

File size:
391.1 KB (400,481 bytes)

Product version:
7.02.0012

Copyright:
www.java.com

Trademarks:
www.java.com

Original file name:
cactus.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hack de crossfire 2.0.exe

File PE Metadata
Compilation timestamp:
1/18/2014 8:12:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:7PMgdRl7n4blLQU3dRd7n4blLZQ7t/ZTvrydaYjwXj3Zz1u9Bcd+rL7EFdsBK/qc:BRwntRowOdaok0BZAbsiqy/mjQbJX

Entry address:
0x109C

Entry point:
68, F4, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 22, BF, F6, 35, 01, A8, 7D, 4A, A9, D1, 1C, 56, 22, 85, 20, DE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 36, 5C, 50, 52, 4F, 58, 00, 54, 4F, 20, 45, 4D, 20, 00, 00, 00, 00, 07, 00, 00, 00, B4, 15, 40, 00, 07, 00, 00, 00, 58, 15, 40, 00, 56, 42, 35, 21, F0, 1F, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 09, 04, 00, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
4 KB (4,096 bytes)

The file hack de crossfire 2.0.exe has been seen being distributed by the following 4 URLs.

http://download1511.mediafire.com/kksngycmxulg/.../Hack de Crossfire 2.0.exe

http://download1511.mediafire.com/f698t8bu080g/.../Hack de Crossfire 2.0.exe