4e7a.tmp

The file 4e7a.tmp has been detected as a potentially unwanted program by 3 anti-malware scanners. The file has been seen being downloaded from dxc8gomuhcz9w.cloudfront.net and multiple other hosts.
Version:
1.0.1.70

MD5:
0251568f832681f7f8c6c0483d1875a5

SHA-1:
d6e215efc67d5562d680d4dfc803fb1e34206629

SHA-256:
bd2fda89b4a9ef6b80e33714e5dadc8f71cc68e9372c4caaf955590dafe27b72

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2024 6:01:41 AM UTC

Scan engine          Detection                  Engine version
avast!               Win32:Evo-gen [Susp]       160327-1
F-Secure             Trojan.GenericKD.3143956   5.15.96
Reason Heuristics    Adware.Dropper             16.4.13.22

File size:
563 KB (576,512 bytes)

Product version:
1.0.1.70

Language:
English (United States)

Common path:
C:\windows\temp\4e7a.tmp

File PE Metadata
Compilation timestamp:
4/6/2016 7:20:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

CTPH (ssdeep):
12288:e7HbYnymZ3sQLwhu3Do5Fp3rlxNnPInCHSaEVE21oMGdgCArZlQhJUmwxQDq67Gp:e7HExCHSaEVE21oMGdgCArZlQhJTwxbR

Entry address:
0x17D0

Entry point:
E8, B6, B1, 04, 00, E9, 16, AA, 04, 00, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 81, EC, 9C, 00, 00, 00, A1, B8, 81, 47, 00, 33, C5, 89, 45, FC, E8, 88, 33, 00, 00, 85, C0, 75, 08, 83, C8, FF, E9, 96, 03, 00, 00, C7, 45, F8, 01, 00, 00, 00, C7, 05, A8, 3F, 48, 00, FF, FF, FF, FF, 68, 11, 27, 00, 00, 68, F8, B4, 48, 00, E8, AC, 09, 03, 00, 83, C4, 08, 68, 22, 4E, 00, 00, 68, 80, F1, 47, 00, E8, 9A, 09, 03, 00, 83, C4, 08, 68, 11, 27, 00, 00, 68, E0, 8D, 48, 00, E8, 88, 09, 03, 00, 83, C4, 08, 81, 7D, 08, 0F, 27...

Entropy:
6.4238

Code size:
415.5 KB (425,472 bytes)

The file 4e7a.tmp has been seen being distributed by the following 3 URLs.
