temp.bin

Notepad++

Don HO don.h@free.fr

The file temp.bin, “Notepad++ : a free (GNU) source code editor” has been detected as malware by 37 anti-virus scanners. This worm can steal user names and passwords by monitoring network communication, block websites, and launch a denial of service (DoS) attack.
Publisher:
Don HO don.h@free.fr

Product:
Notepad++

Description:
Notepad++ : a free (GNU) source code editor

Version:
6.13

MD5:
aca64b8a4ff4f60695d9a88c244f0f52

SHA-1:
4239d75f5d67079bdff816aa3fe4c802a487bb97

SHA-256:
5c570d2a4888b893e6e4037faf2285210490716b8e6b16c9aa5685068572d35f

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/23/2024 6:58:00 PM UTC

Scan engine                    Detection                                   Engine version
Lavasoft Ad-Aware              Gen:Variant.Symmi.27617                     834
AegisLab AV Signature          Troj.W32.Gen                                2.1.4+
Agnitum Outpost                Backdoor.Androm                             7.1.1
AhnLab V3 Security             Trojan/Win32.PornoAsset                     2014.10.17
Avira AntiVirus                Worm/Dorkbot.I.2277                         7.11.179.22
avast!                         Win32:Downloader-TWS [Trj]                  2014.9-141024
AVG                            Ransomer                                    2015.0.3312
Baidu Antivirus                Worm.Win32.IRCBot                           4.0.3.141024
Bitdefender                    Gen:Variant.Symmi.27617                     1.0.20.1485
Comodo Security                TrojWare.Win32.Injector.AJMB                19825
Dr.Web                         BackDoor.IRC.NgrBot.42                      9.0.1.0297
Emsisoft Anti-Malware          Gen:Variant.Symmi.27617                     8.14.10.24.04
ESET NOD32                     Win32/Injector.AJMB (variant)               8.10578
Fortinet FortiGate             W32/Injector.AJDD!tr                        10/24/2014
F-Secure                       Gen:Variant.Symmi.27617                     11.2014-24-10_6
G Data                         Gen:Variant.Symmi.27617                     14.10.24
IKARUS anti.virus              Trojan.Win32.Matsnu                         t3scan.1.7.8.0
K7 AntiVirus                   Riskware                                    13.184.13718
Kaspersky                      HEUR:Trojan.Win32.Generic                   14.0.0.3054
Malwarebytes                   Trojan.Inject.RRE                           v2014.10.24.04
McAfee                         PWS-Zbot-FAXY!ACA64B8A4FF4                  5600.6968
Microsoft Security Essentials  Worm:Win32/Dorkbot.I                        1.11005
MicroWorld eScan               Gen:Variant.Symmi.27617                     15.0.0.891
NANO AntiVirus                 Trojan.Win32.NgrBot.cqmlgk                  0.28.2.62671
Norman                         Gamarue.BBV                                 11.20141024
nProtect                       Backdoor/W32.Androm.183808                  14.10.17.01
Qihoo 360 Security             Win32/Backdoor.6a1                          1.0.0.1015
Quick Heal                     Trojan.Lethic.B5                            10.14.14.00
Rising Antivirus               PE:Trojan.Win32.Generic.157C48B5!360466613  23.00.65.141022
Sophos                         Mal/EncPk-AKA                               4.98
SUPERAntiSpyware               Heur.Agent/Gen-FakeNPP                      10281
Trend Micro House Call         TROJ_SPNR.03GG13                            7.2.297
Trend Micro                    TROJ_SPNR.03GG13                            10.465.24
Vba32 AntiVirus                BScope.Malware-Cryptor.Oop                  3.12.26.3
VIPRE Antivirus                Trojan.Win32.Ransom.cmc                     34002
ViRobot                        Spyware.PornoAsset.183808.AD                2011.4.7.4223
Zillya! Antivirus              Trojan.Injector.Win32.202080                2.0.0.1958

File size:
179.5 KB (183,808 bytes)

Product version:
6.13

Copyright:
Copyleft 1998-2006 by Don HO

Original file name:
Notepad++.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\temp.bin

File PE Metadata

Compilation timestamp:
7/13/2013 1:29:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:ho3XByo2cPR3uUTPKWqm0V+d0EioxR6kEq+MNXA5Qut7+nyKX8fkdEZ+BfSGi9S+:sJ2UKWqtVa8o1Eq+Y85tiy1CEZlPS+

Entry address:
0x166A

Entry point:
E8, 30, 1A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 20, CF, 40, 00, 89, 0D, 1C, CF, 40, 00, 89, 15, 18, CF, 40, 00, 89, 1D, 14, CF, 40, 00, 89, 35, 10, CF, 40, 00, 89, 3D, 0C, CF, 40, 00, 66, 8C, 15, 38, CF, 40, 00, 66, 8C, 0D, 2C, CF, 40, 00, 66, 8C, 1D, 08, CF, 40, 00, 66, 8C, 05, 04, CF, 40, 00, 66, 8C, 25, 00, CF, 40, 00, 66, 8C, 2D, FC, CE, 40, 00, 9C, 8F, 05, 30, CF, 40, 00, 8B, 45, 00, A3, 24, CF, 40, 00, 8B, 45, 04, A3, 28, CF, 40, 00, 8D, 45, 08, A3, 34, CF, 40...

Entropy:
6.0410

Code size:
28.5 KB (29,184 bytes)

Powered by Reason Core Security