temp3018341662.exe

The executable temp3018341662.exe has been detected as malware by 17 of 68 anti-virus scanners. It is configured to run automatically whenever any user logs into Windows (via the Run registry key listed below) under the name 'CrashReportNotifyer'.

MD5:
b87fcc775c4a06f3d71a9c45d054edd9

SHA-1:
682c0029f7efe19430466a5a3dcef0259b2daf86

SHA-256:
2947abdfb566701de76f290fcf1882658b5acdc2353d9cafeaa565a15e344156

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/24/2024 11:21:08 AM UTC

Scan engine            Detection                    Engine version
Lavasoft Ad-Aware      Trojan.Agent.BGYE            778
avast!                 Win32:Malware-gen            2014.9-141221
Baidu Antivirus        Trojan.Win32.Kryptik         4.0.3.141221
Bitdefender            Trojan.Agent.BGYE            1.0.20.1765
Bkav FE                HW32.Packed                  1.3.0.6267
Emsisoft Anti-Malware  Trojan.Agent.BGYE            8.14.12.19.09
ESET NOD32             Win32/Injector.BRQA trojan   7.0.302.0
F-Secure               Trojan.GenericKD.2036865     11.2014-21-12_1
G Data                 Trojan.Agent.BGYE            14.12.24
Kaspersky              Trojan-PSW.Win32.Tepfer      14.0.0.2760
Malwarebytes           Trojan.Agent                 v2014.12.19.09
MicroWorld eScan       Trojan.Agent.BGYE            15.0.0.1059
Norman                 Trojan.GenericKD.2036865     11.20141221
nProtect               Trojan.GenericKD.2036865     14.12.19.01
Panda Antivirus        Generic Suspicious           14.12.21.11
Qihoo 360 Security     Malware.QVM10.Gen            1.0.0.1015
Reason Heuristics      Threat.Win.Reputation.IMP    14.12.21.23

File size:
1.3 MB (1,399,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\temp3018341662.exe

File PE Metadata
Compilation timestamp:
12/16/2014 10:00:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:0eqMKnApB6rnCHvq0Lgtskl9DJULJ2HNFlK9B1tSgZf4G:pT67gq00tskLDmLJ20B1t94G

Entry address:
0x16805B8

Entry point:
E8, 11, 32, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 28, E1, A7, 01, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 2C, E1, A7, 01, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 4E, 20, 00, 00, 85, C0, 75, 06, B8, 90, E2, A7, 01, C3, 83, C0, 08, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 24, E0, A7, 01, A3, 8C, 7C, A8, 01, 85...

Code size:
44 KB (45,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CrashReportNotifyer

Command:
C:\windows\temp\temp3018341662.exe

Remove temp3018341662.exe - Powered by Reason Core Security