temp.exe

InstallApp 1.0.5

Big Fish Games

The executable temp.exe has been detected as malware by 7 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source.

Publisher:
Big Fish Games

Product:
InstallApp 1.0.5

Description:
Install App

Version:
1.0.5

MD5:
69df6fb7f369317e0242b203eec7cc16

SHA-1:
327ac82e60af9450384166f980eafdf0ac94a1b2

SHA-256:
6604d7d71e3e7e52b95c705f918adf845c17c187b477748545b39771a7e7196b

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 11:40:52 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dldr.Agent.cmab | 7.11.84.16
Comodo Security | UnclassifiedMalware | 16409
Fortinet FortiGate | W32/Agent.CMAB!tr.dldr | 4/6/2014
IKARUS anti.virus | Trojan-Downloader.Win32.Agent | t3scan.2.0.3.0
McAfee | Artemis!69DF6FB7F369 | 5600.7169
Norman | Agent.ASYUL | 11.20140406
Trend Micro House Call | TROJ_GEN.R23H1H5 | 7.2.96

File size:
177.5 KB (181,760 bytes)

Product version:
1.0.5.0

Copyright:
(c) Big Fish Games. All rights reserved.

Original file name:
InstallApp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\Documents and Settings\{user}\Local settings\temp\temp.exe

File PE Metadata
Compilation timestamp:
1/30/2006 8:50:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:RgfUDD82nkOVj3BD+QDfMf0v5wVR4/Q5Kc73ZNSYdizbDoJpwjErf5ulmbzydr:R94ShgufbCoWKk3ZLWbEJ+EQlg6

Entry address:
0x63590

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 

Entropy:
7.7308

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
148 KB (151,552 bytes)
