home

tcm-ao-vivo.exe

RBMF TECHNOLOGIES LLC

The application tcm-ao-vivo.exe by RBMF TECHNOLOGIES has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.outfilesbox.com.
Publisher:
RBMF TECHNOLOGIES LLC  (signed and verified)

MD5:
94d5835b137d7ce0016ea4f90bb2645f

SHA-1:
a63bcfc18c1a0cb36b3bbd5ff7a0893167bab990

SHA-256:
5c527c7a024a67133f4bcbad96ddf58fe747da791ca5849fc7b06dc867b97261

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:18:46 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11495399
840

AegisLab AV Signature
AdWare.W32.AirAdInstaller
2.1.4+

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
PUP-gen [PUP]
141003-0

AVG
Adware BundleApp_r.C
2014.0.4040

Bitdefender
Trojan.Generic.11495399
1.0.20.1450

Dr.Web
Trojan.DownLoad3.33983
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.11495399
14.10.17

ESET NOD32
Win32/Downloader.Agent.Q potentially unwanted application
7.0.302.0

F-Secure
Trojan.Generic.11495399
11.2014-17-10_6

G Data
Trojan.Generic.11495399
14.10.24

IKARUS anti.virus
PUA.Downloader.Agent
t3scan.1.7.8.0

MicroWorld eScan
Trojan.Generic.11495399
15.0.0.870

NANO AntiVirus
Trojan.Win32.MLW.dciyyt
0.28.2.62671

nProtect
Trojan.Generic.11495399
14.10.17.01

Reason Heuristics
PUP.RBMFTECHNOLOGIES.L
14.10.17.12

Rising Antivirus
PE:Malware.Todos!6.33
23.00.65.141015

VIPRE Antivirus
Threat.4150696
33706

File size:
2.4 MB (2,521,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tcm-ao-vivo.exe

Digital Signature
Signed by:
RBMF TECHNOLOGIES LLC

Authority:
Starfield Technologies, Inc.

Valid from:
4/2/2014 3:45:28 PM

Valid to:
4/2/2015 3:45:28 PM

Subject:
CN=RBMF TECHNOLOGIES LLC, O=RBMF TECHNOLOGIES LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
041A087CFD0749

File PE Metadata
Compilation timestamp:
8/30/2013 12:11:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:6r2U9wFZepmEFnMVivZh7V5ZGNHBiBL9JAh3IJ/HhChF3japCQg:6r2EyZepmEFnmKH5CYL9JAh3I5AxjaMV

Entry address:
0x541D80

Entry point:
60, BE, 00, F0, 6E, 00, 8D, BE, 00, 20, D1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
2.3 MB (2,437,120 bytes)

The file tcm-ao-vivo.exe has been seen being distributed by the following URL.

http://cdn.outfilesbox.com/services.php?action=generate&s=p&h=1374202900&p=VGNtIEFvIFZpdm8pLXwtaHR0cDovL2Fvdml2b2Fnb3JhLmNvbS9Bb1Zpdm8vdGNtLWFvLXZpdm8vLXwtJm5ic3A7

Remove tcm-ao-vivo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.