xfire_installer_45682.exe

Xfire Inc

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program Xfire (remove only). The file has been seen being downloaded from download941.mediafire.com and multiple other hosts.
Publisher:
Xfire Inc  (signed and verified)

MD5:
5cc3a83617980d928572fc2c55a37ca3

SHA-1:
448ae3833efd39ec02788f313e31223f6fb5ccbc

SHA-256:
0321c4cab7a03366d73bdedd348f2c2825d99b0c2e711d807a3082654532daa0

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 10:39:31 PM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
TROJ_GEN.F47V0728
7.2.22

File size:
8.5 MB (8,913,752 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\xfire_installer_45682.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/19/2012 2:00:00 AM

Valid to:
7/19/2013 1:59:59 AM

Subject:
CN=Xfire Inc, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Xfire Inc, L=Menlo Park, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06A70F76C5A51956CB33D6A3FDD5CD93

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:yZO8s9+vsTPRRKyMIdZssjcSDkE890pPEnPrvMTweQ3ANeBxDY:y08lv6PRR5bDTDpOCPEnPgweIyenE

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9994

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file xfire_installer_45682.exe has been discovered within the following program.

Xfire (remove only)  by Xfire Inc.
Xfire is a proprietary freeware instant messaging service for gamers, that also serves as a game server browser with various other features. It is currently available for Microsoft Windows.
www.xfire.com
27% remove it
 
Powered by Should I Remove It?

The file xfire_installer_45682.exe has been seen being distributed by the following 7 URLs.

http://download941.mediafire.com/24obfm2cfcdg/.../xfire_installer_45682.exe

Scan xfire_installer_45682.exe - Powered by Reason Core Security