» a96b.tmp.exe
Overview
Analysis
File Details

a96b.tmp.exe

Track

PWI, Inc.

The executable a96b.tmp.exe has been detected as malware by 10 anti-virus scanners.

File name:

a96b.tmp.exe

Publisher:

CSoft Technologies Inc. (signed by PWI, Inc.)

Product:

Track

Version:

6.04

MD5:

bd0c87b7b137f66149546075a4e0d1ca

SHA-1:

41321b35935f4a2776eb2ed210412dcdc0797160

SHA-256:

766c1e4f184067849acc96d19b27745286833e40c8e392d99dade7e61f6aa127

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

4/19/2024 8:59:16 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

160327-1

Dr.Web

Trojan.DownLoader18.46667

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Symmi.60351

11.5.0.6191

ESET NOD32

Win32/Injector.CPRO trojan

8.0.319.0

F-Prot

W32/VB.DPU

4.6.5.141

F-Secure

Variant.Symmi.60351

5.15.96

Kaspersky

Trojan.Win32.Kovter

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.217.1669.0

Norman

Gen:Variant.Symmi.60351

02.04.2016 17:35:19

VIPRE Antivirus

Threat.4150696

29708

File size:

370.3 KB (379,212 bytes)

Product version:

6.04

Original file name:

Track.exe

File type:

Executable application (Win32 EXE)

Language:

Japonski (Japonia)

Common path:

C:\users\{user}\appdata\local\temp\a96b.tmp.exe

Digital Signature

Signed by:

PWI, Inc.

Authority:

VeriSign, Inc.

Valid from:

5/7/2013 1:00:00 AM

Valid to:

7/7/2014 12:59:59 AM

Subject:

CN="PWI, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="PWI, Inc.", L=New Albany, S=Ohio, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

50162F95815C2D310127D687A5CD7B15

File PE Metadata

Compilation timestamp:

1/7/2016 6:29:55 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:tZRXXXXXXXXXXXXXXXXXXXXzL7lAA8y2Z448XItjSxnnyn2R7/hi9CigkVG7HLav:trXXXXXXXXXXXXXXXXXXXX5LSkYtjSZk

Entry address:

0x126C

Entry point:

68, 90, D7, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 43, DB, 05, E4, DE, 98, AC, 48, 91, 01, 6C, 5E, C2, 64, BA, E9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 0A, 43, 61, 70, 74, 69, 46, 75, DF, 70, 72, 6F, 62, 6C, 65, 6D, 61, 74, 69, 6B, 65, 6E, 00, 20, 20, 20, 22, 4D, 69, 73, 00, 00, 00, 00, FF, CC, 31, 00, 13, B7, D7, EE, C9, 28, B9, 0C, 4F, 8B, E2, 3A, 59, 8E, 2A, 9A, CD, 86, ED, B1, 6C, 5F, 10, 23, 42, A0, 39, 4D, D2, F7, E4, 7C, AB, 3A, 4F, AD... 
[+]

Entropy:

7.1398

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

332 KB (339,968 bytes)

Remove a96b.tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.