tiranium.exe

Tiranium Internet Security 2014

Tiranium Internet Security 2014 Tiranium AntiVirus Olympe in

The executable tiranium.exe has been detected as malware by 15 anti-virus scanners. While running, it connects to the Internet address ghs-vip-any-c46.ghs-ssl.googlehosted.com on port 80 using the HTTP protocol.
Publisher:
Tiranium Internet Security 2014 Tiranium AntiVirus Olympe in

Product:
Tiranium Internet Security 2014

Version:
1.7.1.8

MD5:
ae0447286c1cda08dc62d39c4c7362c5

SHA-1:
66ee56a461420c6ddf60596f08b97fedb116d02b

SHA-256:
dbd2f5a96a1820bb95150326ebf423dc94619e71aa37e0379ee7eac2f9f70b42

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/26/2024 9:55:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.76795 | 1001 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.14510 |
| Bitdefender | Gen:Variant.Kazy.76795 | 1.0.20.650 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.76795 | 8.14.05.10.11 |
| ESET NOD32 | MSIL/Packed.Confuser (variant) | 8.9780 |
| Fortinet FortiGate | W32/Generic!tr | 5/10/2014 |
| F-Secure | Gen:Variant.Kazy.76795 | 11.2014-10-05_7 |
| G Data | Gen:Variant.Kazy.76795 | 14.5.24 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3888 |
| McAfee | Artemis!AE0447286C1C | 5600.7135 |
| MicroWorld eScan | Gen:Variant.Kazy.76795 | 15.0.0.390 |
| Qihoo 360 Security | Win32/Trojan.705 | 1.0.0.1015 |
| Sophos | Generic PUA GG | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H07E914 | 7.2.130 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29044 |

File size:
1.1 MB (1,143,632 bytes)

Product version:
1.7.1.8

Copyright:
Copyright ©Tiranium Anti-Virus System 2014 - Tolga Fr

Trademarks:
Seven Alien Technologies Tiranium AntiVirus Olympe In

Original file name:
1060336355.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\tiranium antivirus\tiranium.exe

File PE Metadata
Compilation timestamp:
12/9/2010 7:58:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:FmmwrS3mQb89yvo4ql4fHZ43FI3BWDbXmOZaBmx:FmBr2mQprQi5cb4+

Entry address:
0x2E5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4 KB (4,096 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ghs-vip-any-c46.ghs-ssl.googlehosted.com  (74.125.34.46:80)

TCP (HTTP):
Connects to any-in-2415.1e100.net  (216.239.36.21:80)
