~0bb8556e.tmp

Microsoft Active Directory Certificate Services Client

Although the file's version resource names 'Microsoft Corporation' as its publisher, the file is not from Microsoft; it is built to pass for a legitimate Microsoft system file. The claimed publisher is not backed by a valid signature (see "Invalid match" below), the version string imitates the genuine Windows 7 SP1 certificate client (certcli.dll, which lives in the Windows system directory, not in a user's Temp folder), and the file is instead dropped as a .tmp under %LOCALAPPDATA%\Temp. The file ~0bb8556e.tmp, "Microsoft® Active Directory Certificate Services Client", has been detected as malware by 31 of 68 anti-virus scanners; most of the named detections place it in the Papras/Vawtrak backdoor and password-stealer family.
Publisher:
Microsoft Corporation*  (invalid match: the publisher claimed in the version resource is not backed by a valid signature)

Product:
Microsoft® Windows® Operating System

Description:
Microsoft® Active Directory Certificate Services Client

Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)

MD5:
c22f9fb54417eb2d8b46f99e925d800b

SHA-1:
f58118c8425a0ef02a87e6c1ec6dccdbf8226328

SHA-256:
e8208c8d672a48feebe52bdb8b30738efba5d0bcb6ad815a776e23beb924b8a4

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/26/2024 10:15:33 PM UTC

Scan engine                    Detection                     Engine version
Lavasoft Ad-Aware              Trojan.Generic.12830417       521
Agnitum Outpost                Backdoor.Papras               7.1.1
AhnLab V3 Security             Trojan/Win32.Dynamer          2015.05.04
avast!                         Win32:Crypt-RWH [Trj]         2014.9-150901
AVG                            PSW.Generic12                 2016.0.2999
Baidu Antivirus                Backdoor.Win32.Papras         4.0.3.1591
Bitdefender                    Trojan.Generic.12830417       1.0.20.1220
Bkav FE                        HW32.Packed                   1.3.0.6379
Dr.Web                         Trojan.PWS.Papras.601         9.0.1.0244
Emsisoft Anti-Malware          Trojan.Generic.12830417       8.15.09.01.03
ESET NOD32                     Win32/PSW.Papras.DU           9.11568
Fortinet FortiGate             W32/Papras.DU!tr.bdr          9/1/2015
F-Secure                       Trojan.Generic.12830417       11.2015-01-09_3
G Data                         Trojan.Generic.12830417       15.9.25
IKARUS anti.virus              Trojan.Win32.PSW              t3scan.1.8.9.0
K7 AntiVirus                   Password-Stealer              13.203.15786
Kaspersky                      Backdoor.Win32.Papras         14.0.0.1492
McAfee                         Artemis!C22F9FB54417          5600.6655
Microsoft Security Essentials  Backdoor:Win32/Vawtrak!rfn    1.1.11602.0
MicroWorld eScan               Trojan.Generic.12830417       16.0.0.732
NANO AntiVirus                 Trojan.Win32.Papras.dpaktn    0.30.24.1357
Norman                         Troj_Generic.ZMKRW            11.20150901
nProtect                       Trojan.Generic.12830417       15.04.30.01
Panda Antivirus                Generic Suspicious            15.09.01.03
Qihoo 360 Security             Win32/Backdoor.f7f            1.0.0.1015
Quick Heal                     Backdoor.Papras.r4            9.15.14.00
Sophos                         Mal/Vawtrak-H                 4.98
Trend Micro House Call         TROJ_GEN.R047C0DCL15          7.2.244
Trend Micro                    TROJ_GEN.R047C0DCL15          10.465.01
Vba32 AntiVirus                Backdoor.Papras               3.12.26.3
VIPRE Antivirus                Trojan.Win32.Generic          39902

File size:
290 KB (296,960 bytes)

Product version:
6.1.7601.17514

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
CertCli

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\~0bb8556e.tmp

File PE Metadata
Compilation timestamp:
3/11/2007 4:37:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:JyfE84u8Z7j+QLzwiysvbqQk/Au7V9A6hr2ld65gAb:JuUjvwGS5xFt2lOg

Entry address:
0x3357

Entry point:
68, 88, 2B, 00, 10, 68, 80, 2B, 00, 10, 68, 00, 70, 04, 10, FF, 15, 44, 11, 00, 10, 68, 77, 2B, 00, 10, 68, 73, 2B, 00, 10, 68, 00, 70, 04, 10, FF, 15, 3C, 11, 00, 10, 6A, 20, 68, 00, 70, 04, 10, FF, 15, 30, 11, 00, 10, 68, 61, 2B, 00, 10, FF, 15, 40, 11, 00, 10, 68, 57, 2B, 00, 10, 6A, 00, FF, 15, 4C, 11, 00, 10, E9, 05, F8, FF, FF, 55, 8B, EC, 83, EC, 40, 8B, 0D, 9A, 2B, 00, 10, 81, E9, 92, B9, 57, A2, 89, 4D, D0, 8B, 45, D0, 2D, 32, F2, 5D, 6A, 89, 45, CC, 8B, 4D, D0, 81, E9, 32, F2, 5D, 6A, 89, 4D, F8...

Entropy:
7.6248

Packer / compiler:
PKLITE32 v1.1

Code size:
204 KB (208,896 bytes)
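The metadata above suggests the checks a responder would run on a Windows host: the hashes, the Microsoft publisher claim with no valid signature, the OriginalFilename (CertCli) that does not match the on-disk name, a compile timestamp (2007) that predates the build string the version resource advertises (win7sp1_rtm.101119, i.e. 2010-11-19), and the high entropy consistent with the reported packer. The following PowerShell hunt is an added example, not code from this page or from Reason Core Security, and it generalizes beyond this one sample to any Microsoft-lookalike dropped in a Temp folder. It assumes Windows PowerShell 5.1 or later, read access to other users' profiles, and that the paths under $Roots are where your environment stages such files; the 20 MB cap, the entropy threshold of 7.2 and the "two indicators" rule are my choices, not values from the page.

```powershell
# Added example (not from the page or Reason Core Security): hunt for files that
# carry Microsoft version-info strings but cannot back them with a valid
# signature, seeded with the hashes and common path this page lists.
# Assumes Windows PowerShell 5.1+ and read access to other users' Temp folders.

# Indicators copied from this page
$KnownBad = @{
    MD5    = 'c22f9fb54417eb2d8b46f99e925d800b'
    SHA1   = 'f58118c8425a0ef02a87e6c1ec6dccdbf8226328'
    SHA256 = 'e8208c8d672a48feebe52bdb8b30738efba5d0bcb6ad815a776e23beb924b8a4'
}

# Sweep every user's AppData\Local\Temp (the page's common path) plus the system
# Temp. This root list is an assumption; widen it for your environment.
$Roots = @(Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
           ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }) +
         @("$env:SystemRoot\Temp")

function Get-ShannonEntropy {
    # Bits per byte over the whole file; packed or encrypted payloads sit near 8.
    param([byte[]]$Bytes)
    $hist = New-Object double[] 256
    foreach ($b in $Bytes) { $hist[$b]++ }
    $h = 0.0
    foreach ($c in $hist) {
        if ($c -gt 0) { $p = $c / $Bytes.Length; $h -= $p * [Math]::Log($p, 2) }
    }
    return $h
}

function Test-MicrosoftLookalike {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)
    $reasons = New-Object System.Collections.Generic.List[string]
    $bytes   = [System.IO.File]::ReadAllBytes($File.FullName)

    # 1. Exact match against the sample hash above
    $sha256 = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash.ToLower()
    if ($sha256 -eq $KnownBad.SHA256) { $reasons.Add('SHA-256 matches the ~0bb8556e.tmp sample') }

    # 2. Version resource says Microsoft, but the file is not validly signed by
    #    Microsoft. Genuine system binaries pass (embedded or catalog signature);
    #    an unsigned drop in Temp does not.
    $vi = $File.VersionInfo
    if ($vi.CompanyName -like 'Microsoft*') {
        $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName
        if ($sig.Status -ne 'Valid') {
            $reasons.Add("Claims '$($vi.CompanyName)' but signature status is $($sig.Status)")
        } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $reasons.Add("Signed, but by '$($sig.SignerCertificate.Subject)'")
        }
    }

    # 3. OriginalFilename disagrees with the on-disk name (CertCli vs ~0bb8556e.tmp)
    if ($vi.OriginalFilename) {
        $orig = [IO.Path]::GetFileNameWithoutExtension($vi.OriginalFilename)
        $disk = [IO.Path]::GetFileNameWithoutExtension($File.Name)
        if ($orig -ne $disk) { $reasons.Add("OriginalFilename '$($vi.OriginalFilename)' vs '$($File.Name)'") }
    }

    # 4. PE compile timestamp older than the build date encoded in the version
    #    string (e.g. win7sp1_rtm.101119 = 2010-11-19). e_lfanew sits at 0x3C;
    #    the COFF TimeDateStamp sits 8 bytes past the "PE\0\0" signature.
    if ($bytes.Length -gt 0x40 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A) {
        $pe = [BitConverter]::ToInt32($bytes, 0x3C)
        if ($pe -gt 0 -and $pe + 12 -le $bytes.Length -and
            [BitConverter]::ToUInt32($bytes, $pe) -eq 0x00004550) {
            $compiled = ([datetime]'1970-01-01').AddSeconds([BitConverter]::ToUInt32($bytes, $pe + 8))
            if ($vi.FileVersion -match '\.(\d{6})-\d{4}\)') {
                $build = [datetime]::ParseExact($Matches[1], 'yyMMdd',
                             [Globalization.CultureInfo]::InvariantCulture)
                if ($compiled -lt $build.AddDays(-1)) {
                    $reasons.Add("Compiled $($compiled.ToString('yyyy-MM-dd')) but version string claims build $($build.ToString('yyyy-MM-dd'))")
                }
            }
        }
    }

    # 5. High overall entropy is consistent with a packer (this page reports 7.62)
    $entropy = Get-ShannonEntropy -Bytes $bytes
    if ($entropy -gt 7.2) { $reasons.Add("Entropy $([Math]::Round($entropy, 2)) suggests packing") }

    [PSCustomObject]@{ Path = $File.FullName; SHA256 = $sha256; Reasons = $reasons }
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -le 20MB -and $_.Extension -in '.tmp', '.exe', '.dll' } |
        ForEach-Object { Test-MicrosoftLookalike -File $_ } |
        Where-Object { $_.Reasons.Count -gt 1 -or $_.SHA256 -eq $KnownBad.SHA256 } |
        Format-List
}
```

Two caveats when running this. On Windows 7, the platform this sample imitates, Get-AuthenticodeSignature reports catalog-signed system files as NotSigned, so keep the sweep to Temp and download folders rather than System32, where the publisher check would drown in false positives; on Windows 8 and later catalog signatures are honoured. The report requires either a hash hit or at least two independent indicators, because an unsigned Microsoft-labelled .tmp on its own is common (installer staging, Windows Update scratch files) while a file that is also mis-named, back-dated, or near 8 bits of entropy is not. Add the MD5 and SHA-1 comparisons if your feeds only carry those.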

Remove ~0bb8556e.tmp - Powered by Reason Core Security