» temp.exe
Overview
Analysis
File Details

temp.exe

FreePideoDownloader

Anton Panin

The application temp.exe, “FreePideoDownloader Setup ” by Anton Panin has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. It is also typically executed from the user's temporary directory.

File name:

temp.exe

Publisher:

SneakyStreams.com (signed by Anton Panin)

Product:

FreePideoDownloader

Description:

FreePideoDownloader Setup

MD5:

ecea4db2b1f92158eb08110e28aa9d21

SHA-1:

d998e98a366af5bb4f207d3d9b2c6922b660d000

SHA-256:

0e0828e13a1a71b587183b99c45d64bdaba04d47e1984dd4af1f2503a2918a10

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/26/2024 11:58:07 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3256

ESET NOD32

Win32/InstallMonetizer.AF

8.10663

Fortinet FortiGate

Riskware/Agent

12/19/2014

K7 AntiVirus

Trojan

13.185.13888

Kaspersky

not-a-virus:Downloader.Win32.Agent

14.0.0.2775

McAfee

Artemis!ECEA4DB2B1F9

5600.6912

Qihoo 360 Security

Win32/Virus.Downloader.539

1.0.0.1015

Quick Heal

Downloader.Agent.g8 (Not a Virus)

12.14.14.00

Reason Heuristics

PUP.Installer.AntonPanin

15.2.14.11

Sophos

Generic PUA NJ

4.98

File size:

2.9 MB (3,070,672 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\temp.exe

Digital Signature

Signed by:

Anton Panin

Authority:

StartCom Ltd.

Valid from:

1/12/2014 7:21:54 AM

Valid to:

1/13/2016 8:03:57 AM

Subject:

E=veles83@gmail.com, CN=Anton Panin, L=Kstovo, S=Nizhny Novgorod Oblast, C=RU, Description=W7iWE9WUDMEwQToS

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0C66

File PE Metadata

Compilation timestamp:

6/20/1992 7:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:3vfkviC9izatoGLQU1h2oiwkrUktghInaYsupAuRwHu64RfjTShMcewVuZakypT2:/fkhm2bPisPhGaYs8ABHulfHSImsa/R6

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.9807

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove temp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.