MSIAfterburner.EXE

MSIAfterburner

MICRO-STAR INTERNATIONAL CO., LTD.

The executable MSIAfterburner.EXE has been detected as malware by 3 anti-virus scanners. It runs as a scheduled task named MSIAfterburner under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
MICRO-STAR INTERNATIONAL CO., LTD.  (signed and verified)

Product:
MSIAfterburner

Version:
4, 3, 0, 9130

MD5:
1454005547e5a8ac25429a28a40122bb

SHA-1:
7dffd36b01d4a72f99f401ba436f0816efffe2f4

SHA-256:
4881f2510ca8d9a45fcd1cbabe995dc11d8f114cb0db32adbe8aba43481b287d

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/30/2024 11:10:27 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0
F-Prot | W32/Floxif.B | 4.6.5.141
F-Secure | Win32.Floxif.A | 5.16.24

File size:
652.1 KB (667,791 bytes)

Product version:
4, 3, 0, 9130

Copyright:
Copyright © 2009-2016 Alexey Nicolaychuk aka Unwinder, developed special for Micro-Star Int’l Co., Ltd.

Original file name:
MSIAfterburner.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\msi afterburner\msiafterburner.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/3/2014 2:16:15 AM

Valid to:
9/3/2017 2:16:15 AM

Subject:
CN="MICRO-STAR INTERNATIONAL CO., LTD.", OU="MICRO-STAR INTERNATIONAL CO., LTD.", O="MICRO-STAR INTERNATIONAL CO., LTD.", L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112158044863E4DC19CF29A85668B7F45842

File PE Metadata
Compilation timestamp:
8/28/2016 8:48:03 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x49725

Entry point:
E9, 4D, E4, FF, FF, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 60, C2, 48, 00, 89, 0D, 5C, C2, 48, 00, 89, 15, 58, C2, 48, 00, 89, 1D, 54, C2, 48, 00, 89, 35, 50, C2, 48, 00, 89, 3D, 4C, C2, 48, 00, 66, 8C, 15, 78, C2, 48, 00, 66, 8C, 0D, 6C, C2, 48, 00, 66, 8C, 1D, 48, C2, 48, 00, 66, 8C, 05, 44, C2, 48, 00, 66, 8C, 25, 40, C2, 48, 00, 66, 8C, 2D, 3C, C2, 48, 00, 9C, 8F, 05, 70, C2, 48, 00, 8B, 45, 00, A3, 64, C2, 48, 00, 8B, 45, 04, A3, 68, C2, 48, 00, 8D, 45, 08, A3, 74, C2, 48...
 

Entropy:
6.4746

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
320 KB (327,680 bytes)

Scheduled Task
Task name:
MSIAfterburner

Trigger:
Logon (Runs on logon)

