hacker crossfire al 2016.exe

The executable hacker crossfire al 2016.exe has been detected as malware by 25 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs07n3.sendspace.com and multiple other hosts.
MD5:
b88917b6dfd6d2f38bf01526357dd866

SHA-1:
6c4486b5fbb6f34f95e8568245370362609c8db6

SHA-256:
fb72eb7b86b1b55eaaebb88d5eed2c6dbf6dfb8fa77fe7a945d61bdf4d1e0407

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
11/4/2024 5:04:30 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Razy.50306
247

AegisLab AV Signature
Gen.Variant.Razy!c
2.1.4+

Avira AntiVirus
TR/Inject.sbbeiko
8.3.3.4

Arcabit
Trojan.Razy.DC482
1.0.0.696

avast!
Win32:Malware-gen
2014.9-160601

AVG
MSIL7
2017.0.2725

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.1661

Bitdefender
Gen:Variant.Razy.50306
1.0.20.765

Dr.Web
Trojan.DownLoader12.46082
9.0.1.0153

Emsisoft Anti-Malware
Gen:Variant.Razy.50306
8.16.06.01.11

ESET NOD32
MSIL/Injector.IKV (variant)
10.13571

Fortinet FortiGate
MSIL/Injector.IKV!tr
6/1/2016

F-Secure
Gen:Variant.Razy.50306
11.2016-01-06_4

G Data
Gen:Variant.Razy.50306
16.6.25

IKARUS anti.virus
Trojan.MSIL.Nagoot
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.226.19757

Kaspersky
Trojan.Win32.Fsysna
14.0.0.120

Malwarebytes
Trojan.PasswordStealer.MSIL
v2016.06.01.11

McAfee
RDN/Generic.dx
5600.6381

Microsoft Security Essentials
Trojan:MSIL/Nagoot.A
1.1.12805.0

MicroWorld eScan
Gen:Variant.Razy.50306
17.0.0.459

Qihoo 360 Security
HEUR/QVM41.2.Malware.Gen
1.0.0.1120

Rising Antivirus
Trojan.FakeChrome!1.9C7B
23.00.65.16530

Sophos
Troj/MSIL-EBL
4.98

VIPRE Antivirus
Trojan.Win32.Generic
49766

File size:
907.5 KB (929,313 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hacker crossfire al 2016.exe

File PE Metadata
Compilation timestamp:
1/3/2016 9:34:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:FYrjm3V9Zq/sNFhWw2pUqJVzsQY7HL5ysVbb/VEf6w:4y9+AUpMrMsVv/2h

Entry address:
0x1E35B

Entry point:
E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, F4, C4, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F4, C4, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F4, C4, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 92, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
165 KB (168,960 bytes)

The file hacker crossfire al 2016.exe has been seen being distributed by the following 2 URLs.

Remove hacker crossfire al 2016.exe - Powered by Reason Core Security