thermohid.exe

Publisher:
support@thermohid.co.uk

Description:
Display Temperature from PCSensor TEMPerHID Devices

Version:
2.0.1.23

MD5:
ba886a4f9a3b63c66e7495fb1a67b661

SHA-1:
9898d9b573fb2c33b793fec571be43983203ee7a

SHA-256:
4223b817732d68c1438acee2b0ccf69843186554553ab6af784eb5c8b520c8ad

Scanner detections:
3 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/27/2024 3:15:50 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Emsisoft Anti-Malware | Malware.Win32.AMN!A2 | 8.14.04.15.10 |
| ESET NOD32 | probably unknown NewHeur_PE | 8.7284 |
| Vba32 AntiVirus | suspected of Backdoor.Delf.28 | 3.12.18.0 |

File size:
4.6 MB (4,819,456 bytes)

Product version:
1.0.0.0

Copyright:
Steve Timms

Original file name:
ThermoHID

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:hEz574WdmnM2XO2Z8jgI3CdXQ3EPAHHsPXjJ3:hCN9dk3XM3CSUD

Entry address:
0x30BD5C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 6C, B1, 70, 00, E8, 24, B9, CF, FF, A1, D4, 75, 71, 00, 8B, 00, E8, 04, 4C, D6, FF, 8B, 0D, B4, 7A, 71, 00, A1, D4, 75, 71, 00, 8B, 00, 8B, 15, 6C, 26, 68, 00, E8, 04, 4C, D6, FF, 8B, 0D, 34, 7C, 71, 00, A1, D4, 75, 71, 00, 8B, 00, 8B, 15, 8C, ED, 67, 00, E8, EC, 4B, D6, FF, A1, 4C, 7B, 71, 00, 83, 38, 00, 75, 18, 8B, 0D, 4C, 7B, 71, 00, A1, D4, 75, 71, 00, 8B, 00, 8B, 15, B0, C8, 67, 00, E8, CA, 4B, D6, FF, A1, D4, 75, 71, 00, 8B, 00, E8, 3E, 4C, D6, FF, E8, 49, 8E, CF, FF, 90...
 
Entropy:
6.4460

Developed / compiled with:
Microsoft Visual C++

Code size:
3 MB (3,190,272 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to lb1.namesco.net (85.233.160.70:80)
