tmp0000002ed66a7783af62ff8f

United Parcel Service, Inc. CrossWarePreVerifier

UPS

The file tmp0000002ed66a7783af62ff8f, “CrossWarePreVerifier EXE” has been detected as malware by 3 anti-virus scanners.
Publisher:
United Parcel Service, Inc.  (signed by UPS)

Product:
United Parcel Service, Inc. CrossWarePreVerifier

Description:
CrossWarePreVerifier EXE

Version:
16, 0, 1, 8

MD5:
856433df42b5d6359e351a6b0e7b7c4d

SHA-1:
930dff2b3618df7694b79a57e9fbadcf9c710e6b

SHA-256:
01035afc9c466447d237aac38e6176abb4acaa53a2ea310e6593f658b7e21e74

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/19/2024 6:45:13 AM UTC

Scan engine            Detection                          Engine version
Emsisoft Anti-Malware  Gen:Variant.Application.ExqPage    11.5.0.6191
F-Secure               Variant.Application.ExqPage        5.15.96
Norman                 Gen:Variant.Application.ExqPage.4  19.05.2016 01:04:49

File size:
512 KB (524,288 bytes)

Product version:
16, 0, 1, 8

Copyright:
Copyright (C) 2011 United Parcel Service of America, Inc.

Original file name:
CrossWarePreVerifier.exe

Language:
English (United States)

Common path:
C:\windows\temp\tmp0000002ed66a7783af62ff8f

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/16/2011 12:00:00 AM

Valid to:
3/12/2013 11:59:59 PM

Subject:
CN=UPS, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=ISMD, O=UPS, L=Timonium, S=Maryland, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2054D0C8CC0BDCD66B5B8B5EEF968485

File PE Metadata
Compilation timestamp:
12/5/2012 3:46:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:0v0cViH7qtzQOdYBORRDZ7THDwLHz+x8Grpstw63kJub:0zQOVD9HwDz+utw63kJub

Entry address:
0x147EE

Entry point:
E8, AB, 75, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, 75, 08, 33, DB, 3B, F3, 75, 1C, E8, B1, 21, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 4E, 77, 00, 00, 83, C4, 14, 33, C0, EB, 16, 0F, B6, 06, 50, E8, 29, 61, 00, 00, 46, 59, 85, C0, 74, 05, 38, 1E, 74, 01, 46, 8B, C6, 5E, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 42, 72, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 60, 75, 43, 00, 74, 12...
 

Entropy:
5.9169

Code size:
168 KB (172,032 bytes)
