cofire.exe

File Path: C:\Windows\system32\cofire.exe
Description: Corrupted File Recovery Client

Hashes

Type	Hash
MD5	`585A383A2D2F6C9466367A50CAA1AFF2`
SHA1	`2C34288B7DF5F1AEFCAF6E23602193413A8862B4`
SHA256	`BB4B7C9197803404DB85684A5DB5528A87E1E0A9D1D6906A608F7FD6DD1659A8`
SHA384	`199C7F7C0356DD355C91D32B5970FEC23E61BC41F757CF6C8B9D4105E11123E8C3B9EB1B01D9EC0B2AF13F043942CB2D`
SHA512	`1EDC2E15870F252B1B84DC7FE7A462A9B5DBE6F8FC0DA0DA0881229CA3124CE99C7058212F2373BF18AB33DCD075CC2C46A6841B6842A5C97ADEB3E8A2E35BA5`
SSDEEP	`384:Hrs2LDWkGGaZ5pZ21SauUohaueuLf95/704/fOePFNAmkseW0JW:LlCHGCw1qleeDjTF6mD0`
IMP	`49C319693A3F09328AFCB91C7F2E2CBE`
PESHA1	`1003E9D75DBE6B924E2EC75F15C0684058F0782F`
PE256	`2E3192A1DA136DED8DD3324CBD6F75BD77F88B1FAA528313C4C38A3D58D66E12`

Runtime Data

Loaded Modules:

Path
C:\Windows\system32\cofire.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: cofire.exe.mui
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/75
VirusTotal Link: https://www.virustotal.com/gui/file/bb4b7c9197803404db85684a5db5528a87e1e0a9d1d6906a608f7fd6dd1659a8/detection

MIT License. Copyright (c) 2020-2021 Strontic.