a544.tmp

The file a544.tmp has been detected as malware by 26 anti-virus scanners.
MD5: 7175e556b255c76396d11bd5a21e80c4
SHA-1: 04bcfef8ed8adc09382e9d119c6246ebf84d0164
SHA-256: eaffbf1171fed738f318ea01056bf00f3ad4ce22dfcd3566490e2ab2b44f6382
Scanner detections: 26 / 68
Status: Malware
Analysis date: 4/19/2024 3:25:07 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Simda | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Necurs | 2015.03.04 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen7 | 7.11.188.28 |
| avast! | Win32:Malware-gen | 141119-1 |
| AVG | Simda | 2016.0.3176 |
| Clam AntiVirus | Win.Trojan.Simda-699 | 0.98/21511 |
| Comodo Security | Backdoor.Win32.Simda.CSU | 21286 |
| Dr.Web | Trojan.Rodricter.153 | 9.0.1.05190 |
| ESET NOD32 | Win32/Simda.B trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Simda.BPUB!tr | 3/9/2015 |
| F-Prot | W32/A-7258f9fe | v6.4.7.1.166 |
| IKARUS anti.virus | Backdoor.Win32.Simda | t3scan.1.8.6.0 |
| Kaspersky | Backdoor.Win32.Simda | 14.0.0.2375 |
| Malwarebytes | Trojan.Agent.FSAVXGen | v2014.11.21.09 |
| McAfee | Trojan.Packed-APIXOR!3FE3E84D1515 | 5600.6832 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1548.0 |
| NANO AntiVirus | Trojan.Win32.Rodricter.djeyld | 0.30.0.296 |
| nProtect | Backdoor/W32.Simda.803840.D | 15.03.04.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.09.02 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.9.2 |
| SUPERAntiSpyware | Backdoor.Simda/Variant | 10009 |
| Total Defense | Win32/Simda.QYcYdUB | 37.0.11475 |
| Vba32 AntiVirus | BScope.Trojan.Simda.01718 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 38050 |
| Zillya! Antivirus | Backdoor.Simda.Win32.1932 | 2.0.0.2088 |

File size: 785 KB (803,840 bytes)
Common path: C:\users\{user}\appdata\local\temp\a544.tmp

File PE Metadata
Compilation timestamp: 11/21/2014 5:36:56 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 24576:zEqXBSdM6npNrzB9m6ZouM+3fHucLd6rOrppNr:fOB9RoD+vHuG
Entry address: 0x17E0

Entry point:
55, 8B, EC, 83, EC, 08, A1, 68, 5C, 4C, 00, C1, E8, 17, A3, 5C, 5C, 4C, 00, 68, A8, 5C, 4C, 00, FF, 15, 58, 20, 40, 00, 68, AC, 5C, 4C, 00, FF, 15, 74, 21, 40, 00, 68, B0, 5C, 4C, 00, FF, 15, 50, 20, 40, 00, 68, A1, 05, 00, 00, 6A, 00, FF, 15, 1C, 22, 40, 00, 85, C0, 74, 05, E8, B6, FF, FF, FF, C7, 05, 5C, 5C, 4C, 00, 00, 00, 00, 00, EB, 0F, 8B, 0D, 5C, 5C, 4C, 00, 83, C1, 01, 89, 0D, 5C, 5C, 4C, 00, 83, 3D, 5C, 5C, 4C, 00, 16, 73, 0D, 68, B4, 5C, 4C, 00, FF, 15, 50, 20, 40, 00, EB, DB, C7, 05, 78, 5C, 4C...

Entropy: 5.4046
Developed / compiled with: Microsoft Visual C++
Code size: 3 KB (3,072 bytes)
