» 340f25226a36815f073bc712147824de.exe
Overview
Analysis
File Details
Behaviors (1)

340f25226a36815f073bc712147824de.exe

The application 340f25226a36815f073bc712147824de.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 11564 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

MD5:

a6c8139a6a8ee16ed694c13aa11ab1e7

SHA-1:

2b514b9ea0bd7dfa70d658b5f79249ef82fdad25

SHA-256:

c3fd5fdca6bd8411e620b1443efe1536c89ce86a5e871860be002d7431925f7a

Scanner detections:

28 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 5:22:52 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.129792

657

Agnitum Outpost

PUA.Tirrip

7.1.1

AhnLab V3 Security

Adware/Win32.Tirrip

2015.04.19

Avira AntiVirus

ADWARE/Tirrip.452096

3.6.1.96

avast!

Win32:Adware-gen [Adw]

2014.9-150419

AVG

Adware Generic6.RXP

2014.0.4311

Bitdefender

Gen:Variant.Zusy.129792

1.0.20.545

Clam AntiVirus

Win.Adware.Agent-40093

0.98/20344

Comodo Security

Application.Win32.Tirrip.AKO

21818

Dr.Web

Adware.Pirrit.19

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zusy.129792

8.15.04.19.06

ESET NOD32

Win32/Adware.Pirrit.T application

9.7.0.302.0

F-Prot

W32/S-b71f1a7a

v6.4.7.1.166

F-Secure

Gen:Variant.Zusy.129792

11.2015-19-04_1

G Data

Gen:Variant.Zusy.129792

15.4.25

herdProtect (fuzzy)

variant of memoryocrgui.exe

2015.7.20.19

IKARUS anti.virus

PUA.Pirrit

t3scan.1.8.9.0

K7 AntiVirus

Adware

13.200.15204

Kaspersky

not-a-virus:AdWare.Win32.Tirrip

15.0.0.543

Malwarebytes

PUP.Optional.Pirrit.A

v2015.04.19.06

MicroWorld eScan

Gen:Variant.Zusy.129792

16.0.0.327

NANO AntiVirus

Trojan.Win32.Generic.dorcyv

0.30.16.1110

nProtect

Trojan-Clicker/W32.Tirrip.452096

15.04.17.01

Panda Antivirus

Trj/Genetic.gen

15.04.19.06

Reason Heuristics

Threat.Win.Reputation.IMP

15.4.19.2

Vba32 AntiVirus

AdWare.Tirrip

3.12.26.3

VIPRE Antivirus

Threat.4150696

39354

Zillya! Antivirus

Adware.Tirrip.Win32.81

2.0.0.2091

File size:

441.5 KB (452,096 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\e3dc0c73392a96412e934b8e872dc387\340f25226a36815f073bc712147824de.exe

File PE Metadata

Compilation timestamp:

2/24/2015 4:10:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:U+sLfIBvOWMlkakUsx6jUeX3QOdMds+Bx:rB4kakUsx6Yzs+Bx

Entry address:

0x15DB6

Entry point:

E8, 98, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 64, 46, 00, 89, 0D, 74, 64, 46, 00, 89, 15, 70, 64, 46, 00, 89, 1D, 6C, 64, 46, 00, 89, 35, 68, 64, 46, 00, 89, 3D, 64, 64, 46, 00, 66, 8C, 15, 90, 64, 46, 00, 66, 8C, 0D, 84, 64, 46, 00, 66, 8C, 1D, 60, 64, 46, 00, 66, 8C, 05, 5C, 64, 46, 00, 66, 8C, 25, 58, 64, 46, 00, 66, 8C, 2D, 54, 64, 46, 00, 9C, 8F, 05, 88, 64, 46, 00, 8B, 45, 00, A3, 7C, 64, 46, 00, 8B, 45, 04, A3, 80, 64, 46, 00, 8D, 45, 08, A3, 8C, 64, 46... 
[+]

Entropy:

6.4351

Code size:

337.5 KB (345,600 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:11564/

Local host port:

11564

Default credentials:

Remove 340f25226a36815f073bc712147824de.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.