70fd.tmp

The file 70fd.tmp has been detected as a potentially unwanted program by 2 anti-malware scanners.
MD5:
421d7e8b4900a77d50e5b70fa94d18c3

SHA-1:
50dae72835545826a6b70e0642543d0a51f86b9b

SHA-256:
474496f691e95e700c55f83fb2fe832acf331ab19f55a7a2ba8499585bfa275c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:46:02 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Adware.ConvertAd.AIL application | 6.3.12010.0
Reason Heuristics | PUP.ConvertAd.ET (M) | 17.2.12.19

File size:
302.5 KB (309,760 bytes)

Common path:
C:\windows\temp\70fd.tmp

File PE Metadata
Compilation timestamp:
2/12/2017 9:12:18 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x141C5


Code size:
196 KB (200,704 bytes)

The executing file has been seen to make the following network communications in live environments.
