ctimer.exe

Code Techno

The application ctimer.exe by Code Techno has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from www.harmonyhollow.net.
Publisher:
Code Techno  (signed and verified)

MD5:
5b8df547b01cf95b47a62dde9dd6a1aa

SHA-1:
6306132c5f4e30bc9a870fa653b48a2436d75976

SHA-256:
9930320d9d854e9503c12a6ea3728ff8ba4ed5eee98d5ac81891f835ce0093c9

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 9:02:42 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.174.252 |
| AVG | Generic | 2015.0.3336 |
| Dr.Web | Adware.DAdmin.151 | 9.0.1.0273 |
| ESET NOD32 | Win32/DownloadAdmin | 8.10477 |
| Fortinet FortiGate | Riskware/DownloadAdmin | 9/30/2014 |
| F-Secure | Adware:W32/WebInstallBundle | 11.2014-30-09_3 |
| Malwarebytes | PUP.Optional.DownloadAdmin | v2014.09.30.09 |
| McAfee | Artemis!5B8DF547B01C | 5600.6992 |
| Reason Heuristics | PUP.CodeTechno.G | 14.9.30.9 |
| Sophos | Generic PUA GD | 4.98 |
| VIPRE Antivirus | DownloadAdmin | 33494 |

File size:
912.6 KB (934,496 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\ctimer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/25/2014 7:00:00 PM

Valid to:
2/25/2017 6:59:59 PM

Subject:
CN=Code Techno, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Code Techno, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57F2A4C1987266C5627CFFB542729A0B

File PE Metadata
Compilation timestamp:
6/17/2014 11:35:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:0xpJMyVWJ0q4kfS6wKhmcRf6vEh7+KAFgtp51idtDWEqOWtVr2/NoPH48u:IpanJ0ZkKIh7mFgfidtDWEn20/NoY

Entry address:
0x3341

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, F8, 24, 7A, 00, E8, 2C, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, 00, 24, 7A, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, 00, 1C, 7A, 00, E8, 1D, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 80, 7A, 00, 57, E8, 0B, 24, 00, 00...
 

Entropy:
7.5051

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ctimer.exe has been seen being distributed by the following URL.
