TiraniumGuard.exe

Tiranium AntiVirus Realtime Protection

Tiranium Security(TM)

The executable TiraniumGuard.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address ns1.olympe.in on port 80 using the HTTP protocol.
Publisher:
Seven Alien Technologies  (signed by Tiranium Security(TM))

Product:
Tiranium AntiVirus Realtime Protection

Version:
1.0.0.0

MD5:
1c62dcc0972b0e6a71fec776bfff10ba

SHA-1:
277b63229849439bbbaac90cee8607a56f199572

SHA-256:
06005b604f5e60ec8dff854103f310268a2a3089a20d7280e1fd14d6017e8715

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/16/2024 8:43:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Fortinet FortiGate | W32/Generic!tr | 11/26/2014 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.8.3.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2887 |
| McAfee | Artemis!1C62DCC0972B | 5600.6934 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.djgiuz | 0.28.6.63726 |
| Panda Antivirus | Trj/Chgt.L | 14.11.26.04 |
| Trend Micro House Call | TROJ_GEN.R047H07KL14 | 7.2.330 |

File size:
1.5 MB (1,541,992 bytes)

Product version:
1.0.0.0

Copyright:
Copyright Seven Alien Technologies© 2014 TitaniumData Servfr Net

Trademarks:
Copyright Seven Alien Technologies© 2014 TitaniumData Servfr Net

Original file name:
TiraniumGuard.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\tiranium antivirus\tiraniumguard.exe

Digital Signature
Authority:
Tiranium Security(TM)

Valid from:
11/20/2014 10:25:31 AM

Valid to:
11/20/2015 10:25:31 AM

Subject:
E=tiraniumav@gmail.com, CN=Tiranium Security(TM), OU=Marseille, O=Tiranium Security(TM), L=Marseille, S=Marseille, C=FR

Issuer:
E=tiraniumav@gmail.com, CN=Tiranium Security (TM), OU=Marseille, O=Tiranium Security(TM), L=Marseille, S=Marseille, C=FR

Serial number:
01

File PE Metadata
Compilation timestamp:
11/21/2014 2:29:04 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:BTldOnvDNEim2o3JAK7335fAZZhvSzXV/KZZcRUjWhguvere/uiZEGvGu86V:MvE2G733mtml/KZ2RUgGre/fjGwV

Entry address:
0x16F51A

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
1.4 MB (1,496,576 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ns1.olympe.in  (178.32.167.243:80)
