tmp0000004fbd6da89ea5b7259b

Zwangi.com

The file tmp0000004fbd6da89ea5b7259b by Zwangi.com has been detected as a potentially unwanted program by 29 anti-malware scanners.
Publisher:
Zwangi.com  (signed and verified)

MD5:
3b12b86ae899312a6b88ddda7c4ba55d

SHA-1:
0766b4b017d72494f51761afda6b39c5f0548493

SHA-256:
b42ccafea629a25cdd1614c4ca3e9ccff91fdff5ae3d4e3c82bc5bcd381aa6a4

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:09:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.Zwangi | 7.1.1 |
| Avira AntiVirus | TR/ATRAPS.Gen | 7.11.30.172 |
| avast! | Win32:OneStep-BE [PUP] | 2014.9-150324 |
| AVG | Adware Skodna.Generic_r.GK | 2014.0.4189 |
| Bitdefender | Trojan.Generic.4645026 | 1.0.20.415 |
| Bkav FE | W32.BarDiscoverAD.Trojan | 1.3.0.4562 |
| Clam AntiVirus | Win.Adware.Zwangi-3621 | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 17310 |
| Emsisoft Anti-Malware | Trojan.Generic.4645026 | 8.15.03.24.01 |
| ESET NOD32 | Win32/Adware.OneStep.J application | 7.0.302.0 |
| Fortinet FortiGate | Adware/OneStep | 11/28/2014 |
| F-Prot | W32/Zwangi.D.gen | 4.6.5.141 |
| G Data | Trojan.Generic.4645026 | 15.3.22 |
| IKARUS anti.virus | BrowserModifier | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14161 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2879 |
| McAfee | Adware-OneStep.l | 5600.6933 |
| Microsoft Security Essentials | Threat.Undefined | 1.189.840.0 |
| MicroWorld eScan | Trojan.Generic.4645026 | 16.0.0.249 |
| NANO AntiVirus | Trojan.Win32.ATRAPS.bkxacn | 0.28.0.56316 |
| Panda Antivirus | Adware/Zwangi | 15.03.24.01 |
| Qihoo 360 Security | Malware.QVM08.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.24.1 |
| Rising Antivirus | PE:Adware.OneStep!6.161D | 23.00.65.141126 |
| Sophos | Zwangi | 4.98 |
| SUPERAntiSpyware | Adware.Zwangi | 9979 |
| Trend Micro House Call | TROJ_SPNR.0BI511 | 7.2.83 |
| Trend Micro | TROJ_SPNR.0BI511 | 10.465.24 |
| VIPRE Antivirus | Onestepsearch | 23574 |

File size:
512 KB (524,288 bytes)

Common path:
C:\windows\temp\tmp0000004fbd6da89ea5b7259b

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
4/30/2009 6:00:00 PM

Valid to:
5/1/2011 5:59:59 PM

Subject:
CN=Zwangi.com, OU=Secure Application Development, O=Zwangi.com, L=El Segundo, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
24BB7C661012777C632783774B9FF5FD

File PE Metadata
Compilation timestamp:
4/14/2010 2:09:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:dcwDGOaFJ0KtsG6Om6sjM3rPnOLB50DnpXJLJ0M0JC3fUdo2/Dj:+wqzfSwZE0DnpZl0RcfCf/

Entry address:
0x5C73

Entry point:
6A, 60, 68, A0, A4, 40, 00, E8, 85, 1B, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, A5, FD, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 30, A0, 40, 00, 8B, 4E, 10, 89, 0D, CC, C3, 40, 00, 8B, 46, 04, A3, D8, C3, 40, 00, 8B, 56, 08, 89, 15, DC, C3, 40, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, D0, C3, 40, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, D0, C3, 40, 00, C1, E0, 08, 03, C2, A3, D4, C3, 40, 00, 33, F6, 56, 8B, 3D, 24, A0, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Entropy:
1.5333

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
36 KB (36,864 bytes)
