home

sdf3c1b.exe

The application sdf3c1b.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
MD5:
f4a1dce2298279b11a63b5bc95e84f9f

SHA-1:
8e68a45315509ac1e4e01e002d27959f3f00ee27

SHA-256:
27c78396b4648fd686f61cea4e8ff0b3d7065f1301738e5df9b75c780218ac19

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
1/14/2025 11:00:10 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

avast!
Win32:GenMaliciousA-ICO [PUP]
150602-1

AVG
Downloader
2016.0.3072

Dr.Web
Trojan.Crossrider1.36978
9.0.1.05190

ESET NOD32
MSIL/Adware.Imali.A application
7.0.302.0

G Data
MSIL.Adware.OfferInstaller
15.6.25

IKARUS anti.virus
AdWare.MSIL.Imali
t3scan.1.9.5.0

File size:
296.7 KB (303,780 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\sdf3c1b.exe

File PE Metadata
Compilation timestamp:
6/10/2015 8:17:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:6FZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VsaRh:+ZwgVxGq86oH/MKvnolgBh

Entry address:
0x4BEFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9209

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
296 KB (303,104 bytes)

Remove sdf3c1b.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.