home

msc4c9.tmp.exe

Finance Alert

Valid Applications

The software will display additional offers (such as adware) during installation including a browser toolbar/extension as well as advertising injection software (part of the Injekt brand). The application msc4c9.tmp.exe by Valid Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from champs5x.tinyboxarcade.com.
Publisher:
Valid Applications  (signed and verified)

Product:
Finance Alert

Version:
3.0.89.5

MD5:
a95c889f4c88f8f8374deb8084abd206

SHA-1:
c1f04fa43bc2bab6cdb568069f6baf0a5472d47b

SHA-256:
a36ba669310e5f67d8b8fca162b67a77c11a6c2c02617389d2793aca13493c59

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
5/6/2024 12:20:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt.ValidApplications.Installer (M)
16.1.8.0

File size:
5 MB (5,292,984 bytes)

Product version:
3.0.89.5

Copyright:
Copyright (C) 2015 Valid Applications

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\msc4c9.tmp.exe

Digital Signature
Signed by:
Valid Applications

Authority:
Symantec Corporation

Valid from:
9/21/2015 8:00:00 PM

Valid to:
11/20/2016 6:59:59 PM

Subject:
CN=Valid Applications, O=Valid Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5AF15E58D032F4F8F6AA6B3990AF0257

File PE Metadata
Compilation timestamp:
1/5/2016 12:52:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:GBEFeK4NylBHK6RhUiLJoSzsDCMv4MDVzCd0FZq8idNzyewRdxpW1c+o9dL:GB11AlL+uNjMg2VWd0FZqDwryfo9l

Entry address:
0x6FD7

Entry point:
E8, CF, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 36, 42, 00, E8, D3, 55, 00, 00, E8, 54, 2A, 00, 00, 0F, B7, F0, 6A, 02, E8, 62, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 76, 53, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.8057  (probably packed)

Code size:
107 KB (109,568 bytes)

The file msc4c9.tmp.exe has been seen being distributed by the following URL.

http://champs5x.tinyboxarcade.com/fa/.../Setup.exe

Remove msc4c9.tmp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.