tmp003574d5

Windows 7 Loader

The file tmp003574d5 has been detected as a potentially unwanted program by 7 anti-malware scanners. The file has been seen being downloaded from docviewer.yandex.com and multiple other hosts.
Product:
Windows 7 Loader

Version:
1.0.0.0

MD5:
00b0486f4126348d876d8ef464db3d2d

SHA-1:
913794dabcfa0ff3ad759a2242e734a48c2decb8

SHA-256:
777f0a78acafa77fac5fbe86312863fbd1d9c8d61b5959250852cc46ad409a8e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 7:54:58 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.166902 | 5720185
Clam AntiVirus | Win.Adware.Softpulse-223 | 0.98/21062
Emsisoft Anti-Malware | Gen:Variant.Zusy.166902 | 10.0.0.5366
F-Secure | Gen:Variant.Zusy.166902 | 5.15.21
Microsoft Security Essentials | Threat.Undefined | 1.209.3049.0
Norman | Gen:Variant.Zusy.166902 | 07.10.2015 03:16:12
Sophos | PUA 'Windows 7 Loader' (of type Hacktool) | 5.20

File size:
4.2 MB (4,369,408 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Windows 7 Loader.exe

Language:
Language Neutral

Common path:
C:\windows\temp\tmp00002c77\tmp003574d5

File PE Metadata
Compilation timestamp:
11/15/2015 1:52:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:5EYz38cgg/ngk4mYfA7fgvn812nvJeUVDiP3:5EYz5gg/v4mevn8iJe2iP

Entry address:
0x42795E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.8847

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.1 MB (4,348,416 bytes)

The file tmp003574d5 has been seen being distributed by the following 3 URLs.

https://docviewer.yandex.com/source?id=19rne-7nwfczi2oz4r9q7r0y1sji8hld2q4a3b3hdvwxt11ct0qh22zqmr4iplkhpa3q6sfcwf3798p68ak7xbo12ol1yphu2f1u8uwo0&archive-path=//Windows 7 Loader.exe&ts=1514fd85a46&token= ASC9pRcKpH1UOR 3bF9IQ==&name=Windows_Loader.zip
