oooc3bb.tmp

The file oooc3bb.tmp has been detected as malware by 31 anti-virus scanners.
MD5:
1069d4451faf85accd1f9f8d2fad0bf8

SHA-1:
d917f74e8d3f8bc2bc2dcd2c57680a80e870b41e

SHA-256:
774b1f86a542693bc8794a2e27668b2d5140a8ad644009d8a5dcb60a6edcf2c0

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/20/2024 1:19:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.428965 | 865 |
| AhnLab V3 Security | Dropper/Win32.Necurs | 2014.09.23 |
| Avira AntiVirus | TR/Injector.870402 | 7.11.173.208 |
| avast! | Win32:Malware-gen | 140908-2 |
| AVG | Trojan horse Crypt3.AJFW | 2014.0.4015 |
| Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.14922 |
| Bitdefender | Gen:Variant.Kazy.428965 | 1.0.20.1325 |
| Dr.Web | Trojan.DownLoad.64914 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.428965 | 14.09.22 |
| ESET NOD32 | Win32/Kryptik.CIMI trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.CIMI!tr | 9/22/2014 |
| F-Prot | W32/Trojan2.OLHC | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Kazy.428965 | 11.2014-22-09_2 |
| G Data | Gen:Variant.Kazy.428965 | 14.9.24 |
| K7 AntiVirus | Trojan | 13.202.15581 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3212 |
| McAfee | Trojan-FEOD!1069D4451FAF | 5600.6999 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.769.0 |
| MicroWorld eScan | Gen:Variant.Kazy.428965 | 15.0.0.795 |
| NANO AntiVirus | Trojan.Win32.DownLoad.dduaky | 0.28.2.62286 |
| nProtect | Trojan-PWS/W32.Fareit.87040.E | 15.04.13.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.22.02 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.14.22 |
| Rising Antivirus | PE:Trojan.Win32.Generic.171E9F49!387882825 | 23.00.65.14920 |
| Sophos | Troj/Cutwail-BH | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 10344 |
| Trend Micro House Call | TROJ_CUTWAIL.SM7 | 7.2.265 |
| Trend Micro | TROJ_GEN.R0C1C0DHJ14 | 10.465.22 |
| Vba32 AntiVirus | TrojanPSW.Fareit | 3.12.26.3 |
| VIPRE Antivirus | Threat.5063986 | 33120 |
| Zillya! Antivirus | Trojan.Fareit.Win32.7049 | 2.0.0.1929 |

File size:
85 KB (87,040 bytes)

Common path:
C:\users\{user}\appdata\local\temp\oooc3bb.tmp

File PE Metadata
Compilation timestamp:
8/8/2014 4:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
1536:qvSoXWAHf8xfDljdy2xf/Tx+dX+EusnQeQzWz2hO/Tx1DZup0EjZ27mu/UBZ:qqq/8xfBjdP5/Tx2qyTxOPqU7

Entry address:
0x12C4

Entry point:
50, E8, 54, 04, 00, 00, 6A, 00, E8, 2F, FD, FF, FF, 0B, DB, 0F, 84, 2F, 00, 00, 00, 51, 8B, 8B, 80, 40, 41, 00, 01, D9, 89, 8B, 80, 40, 41, 00, 59, 50, 8B, 83, 84, 40, 41, 00, 01, D8, 89, 83, 84, 40, 41, 00, 58, FF, B3, 5C, 4E, 41, 00, 01, 1C, 24, 8F, 83, 5C, 4E, 41, 00, 03, 83, 5C, 4E, 41, 00, 50, 2B, 83, 5C, 4E, 41, 00, 29, 04, 24, E8, 7C, 08, 00, 00, C7, 83, 50, 4E, 41, 00, 00, 00, 00, 00, 51, C7, 04, 24, 5D, 13, 40, 00, 58, 52, 89, C2, 01, DA, 89, D0, 5A, 53, 50, 64, 03, 3D, 00, 00, 00, 00, 57, 64, 2B...
 

Entropy:
6.0338

Code size:
71.5 KB (73,216 bytes)
