ca7b76.tmp.exe

CrushArcade Games

CrushArcade

The application ca7b76.tmp.exe, “Application Installer” by CrushArcade has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory.
Publisher:
CrushArcade  (signed and verified)

Product:
CrushArcade Games

Description:
Application Installer

Version:
1.0.1.1

MD5:
7eb34511abe1c3a960dd4649455c583b

SHA-1:
d191a99f193c5281f9befd77e98ac78ba789f13e

SHA-256:
9c7fe5d779cc3182269d4a9e11c73deae3369d9d6d87824c276f0f45f688b0e7

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/19/2024 9:45:28 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2407936 | 564
Avira AntiVirus | BDS/Backdoor.Gen3 | 7.11.30.172
AVG | Generic | 2016.0.3042
herdProtect (fuzzy) | | 2015.7.20.19
IKARUS anti.virus | PUA.FlowSurf | t3scan.1.8.9.0
Malwarebytes | PUP.Optional.CrushArcade.A | v2015.06.04.03
MicroWorld eScan | Trojan.GenericKD.2407936 | 16.0.0.603
Reason Heuristics | Threat.EpicPlay.Installer | 15.4.19.3
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4

File size:
8.6 MB (9,017,128 bytes)

Product version:
1.0.1.1

Copyright:
Copyright (C) CrushArcade 2014

Original file name:
Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\ca7b76.tmp.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/22/2014 6:00:00 PM

Valid to:
11/22/2016 5:59:59 PM

Subject:
CN=CrushArcade, O=CrushArcade, L=Irvine, S=California, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
420B76B85E9C8DAC64327368DE6214CA

File PE Metadata
Compilation timestamp:
2/27/2015 3:16:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
196608:+o014Kv8gxTsjYLH9yOuxkaJhEGresY5pBwQt1Ime/NaM2Dw9:+o0iKqYD8OeJhbrepjBdIloM2M9

Entry address:
0x2E446

Entry point:
E8, 9A, A7, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, AC, A9, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 84, A0, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 04, E8, 45, 00, 74, 11, A1, CC, E8, 45, 00, 85, 42, 70, 75, 07, E8, 64, AC, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 78, E1, 45, 00, 74, 15, 8B, 4E, 08, A1, CC, E8, 45, 00, 85, 41, 70, 75, 08, E8...

Entropy:
7.9809  (probably packed)

Code size:
299.5 KB (306,688 bytes)
