2b.tmp

The file 2b.tmp has been detected as malware by 28 anti-virus scanners.
MD5:
98e629356830171dd7a3d3edc0f9022d

SHA-1:
dce1c3f2c5981de14b8fb00f925872e8656428af

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/25/2024 6:17:24 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.555749 | 715 |
| Agnitum Outpost | Trojan.PR.Bunitu | 7.1.1 |
| Avira AntiVirus | TR/Crypt.Xpack.99023 | 7.11.211.72 |
| avast! | Win32:Malware-gen | 2014.9-150219 |
| AVG | Inject2 | 2016.0.3193 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.15219 |
| Bitdefender | Gen:Variant.Kazy.555749 | 1.0.20.250 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Dr.Web | Trojan.DownLoad3.35720 | 9.0.1.050 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.555749 | 8.15.02.19.12 |
| ESET NOD32 | Win32/Injector.BUQD (variant) | 9.11198 |
| Fortinet FortiGate | W32/BUQD.TJ!tr | 2/19/2015 |
| F-Secure | Gen:Variant.Kazy.555749 | 11.2015-19-02_5 |
| G Data | Gen:Variant.Kazy.555749 | 15.2.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.196.15011 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2462 |
| Malwarebytes | Trojan.Agent.ED | v2015.03.02.12 |
| McAfee | Generic-FAVY!98E629356830 | 5600.6849 |
| Microsoft Security Essentials | TrojanDropper:Win32/Bunitu | 1.1.11400.0 |
| MicroWorld eScan | Gen:Variant.Kazy.555749 | 16.0.0.150 |
| NANO AntiVirus | Trojan.Win32.DownLoad3.dnqgmr | 0.30.0.296 |
| Panda Antivirus | Trj/Genetic.gen | 15.02.19.12 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.2.0 |
| Sophos | Mal/Zbot-TJ | 4.98 |
| Total Defense | Win32/Tnega.DGBGXVC | 37.0.11453 |
| Trend Micro House Call | TROJ_GEN.R072H01BH15 | 7.2.50 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37692 |

File size:
93.1 KB (95,329 bytes)

Common path:
C:\windows\temp\2b.tmp

File PE Metadata
OS version:
4.257

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.1

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:NYpgWGj6Od65sr82qkv9NlzyAGCUMX6o6Gh9tZpcff1RdURn5IhQ6Lb3fRK:NugWwT8c9feGUMR6Gaff1/UfCQC3fRK

Entry address:
0x298C

Entry point:
55, 8B, EC, 6A, FF, 68, 60, 37, 90, 00, 68, 16, 2C, 90, 90, 64, A1, 01, 00, 00, 00, 50, 64, 89, 25, 90, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, BC, 57, 40, 00, 59, 83, 0D, E8, 41, 40, 00, FF, 83, 0D, EC, 41, 40, 00, FF, 90, 15, 00, 58, 40, 00, 8B, 0D, DC, 41, 40, 00, 89, 08, FF, 15, D0, 57, 40, 00, 8B, 0D, D8, 41, 40, 00, 89, 08, A1, D4, 57, 40, 00, 8B, 00, A3, E4, 41, 40, 00, E8, 06, 02, 00, 00, 39, 1D, E0, 40, 40, 00, 75, 0C, 68, 00, 2C, 40, 00, FF, 15...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
8 KB (8,192 bytes)

Windows Firewall Allowed Program
Name:
C:\WINDOWS\TEMP\2B.tmp
