hack para crossfire 2.0 28-06-2016 atualizado.exe

The executable hack para crossfire 2.0 28-06-2016 atualizado.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘5187dde00ff023b497d88177359683d6’. The file has been seen being downloaded from fs11n2.sendspace.com.
MD5:
755a1b22a26d02a9c6cb054fe71a4229

SHA-1:
7661b4a142bef1dce368a060a06e17973882e17e

SHA-256:
69758dff7d8c8d603543c11177036af8c9c01a36397f03ec7d89aba953257964

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 9:51:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Trojan.Rootkit (H)
16.6.29.11

File size:
22.5 KB (23,040 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hack para crossfire 2.0 28-06-2016 atualizado.exe

File PE Metadata
Compilation timestamp:
6/28/2016 7:39:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:F/slUlEvOEJ8xWwYJOMiOBZEdj156Igtwi5HhbQmRvR6JZlbw8hqIusZzZ42f:FgeEvwIlLRRpcnuE

Entry address:
0x747E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
5187dde00ff023b497d88177359683d6

Command:
"C:\users\{user}\appdata\local\temp\svchost.exe"..


The file hack para crossfire 2.0 28-06-2016 atualizado.exe has been seen being distributed by the following URL.