tdnigutstub18c_guttn_inst.exe

The executable tdnigutstub18c_guttn_inst.exe has been detected as malware by 27 anti-virus scanners. The file has been seen being downloaded from dxc8gomuhcz9w.cloudfront.net.
Version: 1.0.1.18
MD5: 4f1c2d045bdf10a96b2d90c39812d6e4
SHA-1: ea5442195e47a6db7bc28ee7ba29b3e34fbf6f05
SHA-256: 64cdf22df42205dd5f546103054649b9c80364698d8f0b0f1d3a9ad6c779b66f
Scanner detections: 27 / 68
Status: Malware
Analysis date: 5/6/2024 5:08:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2887967 | 403 |
| AhnLab V3 Security | Malware/Gen.Generic | 2015.12.18 |
| Avira AntiVirus | TR/Agent.101376.219 | 8.3.2.4 |
| Arcabit | Trojan.Generic.D2C111F | 1.0.0.629 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-151228 |
| Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.151228 |
| Bitdefender | Trojan.GenericKD.2887967 | 1.0.20.1810 |
| Dr.Web | Trojan.MulDrop6.14481 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2887967 | 8.15.12.28.12 |
| ESET NOD32 | Generik.LWEQEXS (variant) | 9.12738 |
| Fortinet FortiGate | W32/Sysn.BGXE!tr | 12/28/2015 |
| F-Secure | Trojan.GenericKD.2887967 | 11.2015-28-12_2 |
| G Data | Trojan.GenericKD.2887967 | 15.12.25 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Sysn | t3scan.1.9.5.0 |
| Kaspersky | Trojan-Dropper.Win32.Sysn | 15.0.0.562 |
| McAfee | Artemis!4F1C2D045BDF | 5600.6537 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12400.0 |
| MicroWorld eScan | Trojan.GenericKD.2887967 | 16.0.0.1086 |
| NANO AntiVirus | Trojan.Win32.MulDrop6.dyzgwg | 1.0.10.5081 |
| nProtect | Trojan.GenericKD.2887967 | 15.12.17.01 |
| Panda Antivirus | Trj/GdSda.A | 15.12.28.12 |
| Quick Heal | (Suspicious) - DNAScan | 11.15.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 9420 |
| Total Defense | Win32/Dynamer.ZADQ!suspicious | 37.1.62.1 |
| Trend Micro | TROJ_GEN.R021C0EKQ15 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45902 |

File size: 99 KB (101,376 bytes)
Product version: 1.0.1.18
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\tdnigutstub18c_guttn_inst.exe

File PE Metadata
Compilation timestamp: 11/19/2015 5:02:14 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows Console
Linker version: 14.0
CTPH (ssdeep): 3072:mB9NJuoD0R0WJvspyglupoCYxK/AYLdRb:wAoDT8G8lLPb
Entry address: 0x4F7B

Entry point:
E8, 06, 03, 00, 00, E9, 7A, FE, FF, FF, 55, 8B, EC, F6, 45, 08, 01, 56, 8B, F1, C7, 06, 3C, 22, 41, 00, 74, 0A, 6A, 0C, 56, E8, 9D, FD, FF, FF, 59, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 51, 56, FF, 75, 08, 8B, F1, 89, 75, FC, E8, A9, F9, FF, FF, C7, 06, 44, 22, 41, 00, 8B, C6, 5E, 8B, E5, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 4C, 22, 41, 00, C7, 01, 44, 22, 41, 00, C3, 55, 8B, EC, 83, EC, 0C, 8D, 4D, F4, E8, DA, FF, FF, FF, 68, 9C, 76, 41, 00, 8D, 45, F4, 50, E8, C2, 1B...
 

Entropy: 6.4304
Code size: 65 KB (66,560 bytes)

The file tdnigutstub18c_guttn_inst.exe has been seen being distributed by the following URL.
