tdnistub_ftptn_inst.exe

The executable tdnistub_ftptn_inst.exe has been detected as malware by 3 anti-virus scanners. The file has been observed being downloaded from d3r8ssqwsd059p.cloudfront.net.
Version:
1.0.1.42

MD5:
0233627356a21b2ae1020db59f45c752

SHA-1:
1ca67a53436947b93a0df2e4a05cd0df80e1386a

SHA-256:
621a872322078d451538990f67ebe04de0ea2c1b366b6bdfa3323ba862a409ba

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/26/2024 7:47:58 AM UTC

Scan engine | Detection | Engine version
F-Secure | Trojan.GenericKD.3027000 | 5.15.21
Norman | Trojan.GenericKD.3027000 | 03.02.2016 07:38:05
Reason Heuristics | (M) | 16.6.6.19

File size:
367.5 KB (376,320 bytes)

Product version:
1.0.1.42

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\tdnistub_ftptn_inst.exe

File PE Metadata
Compilation timestamp:
2/3/2016 6:44:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

CTPH (ssdeep):
6144:kXO2Do4iy5ECs8u/RIQJqkzICm8VvjD6Gd6P4HWFTplPWqc2bpdYrBQYZ4jyFo:EO2c4iy5ECs8u/RIQJqkzICm8VvjD6Gu

Entry address:
0x29216

Entry point:
E8, D0, 05, 00, 00, E9, 7A, FE, FF, FF, FF, 25, B4, 61, 44, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 90, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 7F, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B8, 41, 45, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...
 

Entropy:
6.5975

Code size:
274.5 KB (281,088 bytes)

The file tdnistub_ftptn_inst.exe has been seen being distributed by the following URL.
