Should I block it?

98%

Yes, 98% block recommendation.

Possible reason:

Multiple malware detections

Additional versions

9.60.2114	4.35%
9.05.2071	4.35%
9.05.2064	4.35%
9.05.2063	4.35%
9.04.2051	13.04%
9.04.2051	13.04%
9.04.2051	4.35%
9.02.2032	17.39%
9.02.2032	4.35%
8.02.1972	13.04%
8.02.1972	4.35%
6.61.1880	4.35%
5.12.1652	4.35%
4.50.1457	4.35%

Relationships

PE file structure

Show functions

Import table

advapi32.dll

RegQueryValueExW, SetServiceStatus, RegisterServiceCtrlHandlerExA, StartServiceCtrlDispatcherA, RegCloseKey, RegOpenKeyExW, RegQueryInfoKeyA, RegQueryInfoKeyW, RegCreateKeyExA, RegCreateKeyExW, RegOpenKeyExA, RegSetValueExW, RegSetValueExA, RegQueryValueExA, RegEnumKeyExW, RegEnumKeyExA, LookupAccountNameW, ConvertSidToStringSidW, GetUserNameA

iphlpapi.dll

NotifyRouteChange, NotifyAddrChange, GetIfTable, GetIfEntry, GetAdaptersInfo, GetIpNetTable, SendARP, GetBestRoute, GetIpAddrTable

kernel32.dll

InterlockedDecrement, GetCommandLineW, GetModuleFileNameW, GetModuleHandleW, LocalFree, SetLastError, GetCurrentThread, TerminateProcess, GetSystemDefaultLangID, GetSystemInfo, GetVersionExW, DeviceIoControl, CreateFileW, GetFileAttributesW, FileTimeToSystemTime, FileTimeToLocalFileTime, GetFileTime, DeleteFileW, GetSystemTime, GetWindowsDirectoryW, GetSystemDirectoryW, GetLocalTime, FlushFileBuffers, CreateDirectoryW, ResumeThread, CreateThread, TerminateThread, WaitForMultipleObjects, MultiByteToWideChar, WideCharToMultiByte, ReadFile, GetTickCount, SetFilePointer, GetStdHandle, GetFileSizeEx, GetConsoleScreenBufferInfo, ReadConsoleInputA, GetFileType, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, SetThreadPriority, GetThreadPriority, QueryPerformanceFrequency, InterlockedIncrement, GetStringTypeW, InterlockedExchange, EncodePointer, DecodePointer, RaiseException, RtlUnwind, SetConsoleMode, GetConsoleMode, HeapSetInformation, MoveFileW, HeapFree, LCMapStringW, GetCPInfo, HeapAlloc, IsProcessorFeaturePresent, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapSize, ExitProcess, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStartupInfoW, HeapCreate, SetStdHandle, GetConsoleCP, VirtualQuery, HeapReAlloc, Sleep, GetCurrentProcess, GetModuleHandleA, OutputDebugStringW, OutputDebugStringA, SetEndOfFile, GetProcAddress, FreeLibrary, LoadLibraryW, WaitForSingleObject, ResetEvent, SetEvent, CreateEventW, GetCurrentThreadId, GetLastError, CloseHandle, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, WriteFile, EnterCriticalSection, GetProcessHeap, GetOverlappedResult, ReleaseMutex, LoadLibraryA, CreateFileA, GetUserDefaultLangID, GetModuleFileNameA, DeleteFileA, MoveFileA, GetSystemDirectoryA, GetWindowsDirectoryA, GetVersionExA, GetLocaleInfoA, LocalHandle, LocalLock, LocalAlloc, FormatMessageA, FormatMessageW, GetCommandLineA, FreeEnvironmentStringsA, GetEnvironmentStrings, GetStartupInfoA, VirtualFree, VirtualAlloc, LCMapStringA, GetStringTypeA, GetUserDefaultLCID, WriteConsoleA, GetConsoleOutputCP, GetStringTypeExW, InterlockedCompareExchange, CreateMutexW, GetComputerNameW, MoveFileExW, GetComputerNameA, GetModuleHandleExW, LoadLibraryExW, SetFilePointerEx, SetConsoleCursorPosition

ole32.dll

CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitialize, CLSIDFromString, CoTaskMemAlloc

rpcrt4.dll

UuidCreate

shell32.dll

SHGetFolderPathW

user32.dll

DestroyIcon, MessageBoxW, MessageBoxA, CharToOemA, LoadStringW, CharToOemBuffA, GetSystemMetrics

winmm.dll

timeBeginPeriod, timeGetDevCaps, timeEndPeriod, timeGetTime

ws2_32.dll

WSASocketA, WSAEventSelect

spd.exe

cFosSpeed Service by cFos Software GmbH (Signed)

Remove spd.exe

Version:	9.04.2051
MD5:	5d639b11cc69938248e6cb5e98cf24f2
SHA1:	684a6eab1f20d244a88d255b8daf7a8e321a9440
SHA256:	966bf32675f8d47976eea085e831617300fa0d1c911dfab7e9e988636916f761

Warning 20 antivirus scanners has detected malware.

Overview

spd.exe is malware that runs as a service under the name cFosSpeedS (cFosSpeedS) within the local user context. The file is digitally signed by cFos Software GmbH which was issued by the GlobalSign nv-sa certificate authority (CA).

Details

File name:	spd.exe
Publisher:	cFos Software GmbH
Product name:	cFosSpeed Service
Typical file path:	C:\Program Files\cfosspeed\spd.exe
File version:	9.04.2051
Size:	161 KB (164,864 bytes)
Build date:	4/20/2013 12:24 AM
Certificate
Issued to:	cFos Software GmbH
Authority (CA):	GlobalSign nv-sa
Digital DNA
PE subsystem:	Windows Console
File packed:	No
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

cFosSpeedS
'cFosSpeedS' (cFosSpeed System Service)

Network connections

[TCP] 194.145.208.202:9327

Malware detections

Based on 40+ industry antivirus scanners, 20 of them detected the following malware.

Antivirus engine	Engine version	Detection
Agnitum	5.5.1.3	Riskware.BitCoinMiner!cN4k6V0cTKE
AhnLab V3 Internet Security	2013.09.28	Malware/Win32.Suspicious
Avira AntiVir	7.11.104.212	TR/Crypt.Agent.OSW.51
avast!	8.0.1489.320	Win32:BitCoinMiner-CA [Trj]
Baidu Antivirus	3.5.1.41473	Trojan.Win32.Agent.peo
Bkav Security	1.3.0.4246	HW32.CDB.10c6
Commtouch	5.4.1.7	W32/Trojan.NNTI-2486
Comodo Internet Security	17007	UnclassifiedMalware
ESET NOD32	7.8848	a variant of Win32/BitCoinMiner.AK
Fortinet	5.1.147.0	W32/BitCoinMiner.K
Ikarus	T3.1.5.4.0	Win32.SuspectCrc
Kaspersky	9.0.0.837	UDS:DangerousObject.Multi.Generic
McAfee	5.600.1067	RDN/Generic.tfr!cq
McAfee Gateway Anti-Malware	v2013-dat	Heuristic.BehavesLike.Win32.Suspicious-BAY.G
Panda Antivirus	10.0.3.5	Trj/CI.A
PC Tools	9.0.0.2	SecurityRisk.Bitcoinminer
Symantec	20131.1.5.61	Bitcoinminer
Trend Micro	9.740.0.1012	TROJ_GEN.R47CEF1
Trend Micro HouseCall	9.700.0.1001	TROJ_GEN.R47CEF1
VIPRE Antivirus	21872	Trojan.Win32.Generic!BT

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00109468%	0.028634%
Kernel CPU:	0.00010206%	0.013761%
User CPU:	0.00099262%	0.014873%
Kernel CPU time:	14,102 ms/min	100,923,805ms/min
CPU cycles:	343,408/sec	17,470,203/sec
Memory
Private memory:	3.25 MB	21.59 MB
Private (maximum):	5.19 MB
Private (minimum):	4.55 MB
Non-paged memory:	3.25 MB	21.59 MB
Virtual memory:	73.11 MB	140.96 MB
Virtual memory (peak):	73.11 MB	169.69 MB
Working set:	4.71 MB	18.61 MB
Working set (peak):	5.32 MB	37.95 MB
Page faults:	5,198/min	2,039/min
I/O
I/O other transfer:	1.66 KB/sec	448.09 KB/min
I/O other operations:	96/sec	1,671/min
Resource allocations
Threads:	10	12
Handles:	133	600
GUI GDI count:	4	103
GUI GDI peak:	4	142
GUI USER count:	1	49
GUI USER peak:	1	71

Process properties

Integrety level:	High
Platform:	64-bit
Command line:	"C:\users\user\appdata\roaming\adobe\flash player\speedcache\spd.exe"
Owner:	User
Windows Service
Service name:	cFosSpeedS
Display name:	cFosSpeedS
Description:	“Performs latency measurement and privileged operations for cFosSpeed”
Type:	Win32OwnProcess

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	56.52%
Microsoft Windows XP	13.04%
Windows 8 Single Language	8.70%
Windows 8 Pro with Media Center	8.70%
Windows Vista Ultimate	4.35%
Windows 7 Home Premium	4.35%
Windows 7 Professional	4.35%

Distribution by country

Egypt installs about 17.39% of cFosSpeed Service.

Distribution by PC manufacturer

PC Manufacturer	distribution
Toshiba	38.10%
ASUS	19.05%
Hewlett-Packard	19.05%
Dell	9.52%
American Megatrends	9.52%
Acer	4.76%

Remove Adware and Spyware Programs, FREE Download!