SFrame.exe

The executable SFrame.exe has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1036.mediafire.com.
Publisher:
aiwoWqOzWOTKl

Product:
a5RTHrlSF19XcK4y

Description:
aL10GvPuFiR

Version:
11.14.18.72

MD5:
54e497f9d9fd45fd8bfe4f8cf1d8b933

SHA-1:
8d47a6e45f56316a62dface9aa32aceb91b6d245

SHA-256:
87866e41c587d30888a4791a7a8bf939c8f579d6f8e4330d08392ae56b75c800

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/26/2024 2:10:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | MSIL:GenMalicious-E [Trj] | 140908-2 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.14916 |
| ESET NOD32 | MSIL/Injector.DTG trojan | 7.0.302.0 |
| McAfee | Trojan-FECN!54E497F9D9FD | 5600.7006 |

File size:
1.9 MB (2,019,840 bytes)

Product version:
11.14.18.72

Copyright:
Copyright © 2010

Trademarks:
azw3jr2Apo0w2pArZJ

Original file name:
SFrame.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\sframe.exe

File PE Metadata
Compilation timestamp:
5/27/2014 5:56:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:Yszwn/4CrnfiVkM4RDwO6OOHmdRAClXuJazoMQYZGl+ffN10Ai3A8AA0ByqtgebZ:j2nqVvCZv3Xoi98AAmbYcKdz

Entry address:
0x10DD4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,097,216 bytes)

The file SFrame.exe has been seen being distributed by the following URL.
