vafplayer.exe

The executable vafplayer.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from ttb.dllfinalsoft.com.
MD5:
4cf7ccbb42740b56fd8f97d4ca805791

SHA-1:
5cce067cb76015a5e7f610684b6e35e47a0792f2

SHA-256:
90616d5b3eb7efae9b31c5a69b70f8ab4a34649052c7a8a2c6d5af5b248cdc5c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 1:19:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.7.2.17

File size:
323.1 KB (330,896 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\vafplayer.exe

File PE Metadata
Compilation timestamp:
1/23/2014 5:53:01 PM

OS version:
5.1

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Zrl8sf608N/cz9GD0mOh3Jhh9Ha24+7YMQ:dl8sC08N89StOh4+TQ

Entry address:
0x1BBB

Entry point:
E8, 37, 27, 00, 00, E9, 7F, FE, FF, FF, A1, D8, 0D, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, D8, 0D, 41, 00, 6A, 04, 50, E8, C7, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, D8, 0D, 41, 00, E8, AE, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 08, F0, 40, 00, 89, 0C, 02, 83, C1, 20, 8D, 52, 04, 81, F9, 88, F2, 40, 00, 7D, 07, A1, D4, 0D, 41, 00, EB, E8, 33, C0, 5E, C3, E8, D8, 2C...
 
[+]

Code size:
33 KB (33,792 bytes)

The file vafplayer.exe has been seen being distributed by the following URL.

Remove vafplayer.exe - Powered by Reason Core Security