tmp1ad1.exe

The executable tmp1ad1.exe has been detected as malware by 35 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
62c23724de659e4b616f5c0708268ef0

SHA-1:
9b9dcea35eb29f1381f7b447940395ed07736392

SHA-256:
f5a7499c45565d6bab409a53c11c74b2279309c41f5a393a570293ac036ba631

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/19/2024 2:35:10 PM UTC

Scan engine                    Detection                       Engine version
Lavasoft Ad-Aware              Trojan.Dropper.Boran.XMP        856
Agnitum Outpost                Trojan.Injector                 7.1.1
AhnLab V3 Security             Dropper/Win32.Necurs            2014.07.05
Avira AntiVirus                TR/Crypt.Xpack.70581            7.11.158.148
avast!                         Win32:Downloader-VKV [Trj]      2014.9-141002
AVG                            Inject2                         2015.0.3334
Baidu Antivirus                Hacktool.Win32.Injector         4.0.3.14102
Bitdefender                    Trojan.Dropper.Boran.XMP        1.0.20.1375
Bkav FE                        W32.XymneD.Trojan               1.3.0.4959
Dr.Web                         Trojan.DownLoad3.28912          9.0.1.0275
Emsisoft Anti-Malware          Trojan.Dropper.Boran.XMP        8.14.10.02.04
ESET NOD32                     Win32/Injector.BFZP (variant)   8.10048
Fortinet FortiGate             W32/Kryptik.MFCD!tr             10/2/2014
F-Secure                       Trojan.Dropper.Boran.XMP        11.2014-02-10_5
G Data                         Trojan.Dropper.Boran.XMP        14.10.24
IKARUS anti.virus              Trojan-Downloader.Win32.Zemot   t3scan.1.6.1.0
K7 AntiVirus                   Trojan                          13.180.12626
Kaspersky                      Trojan-Spy.Win32.Zbot           14.0.0.3164
Malwarebytes                   Trojan.Ransom                   v2014.10.02.04
McAfee                         Downloader-FVC!62C23724DE65     5600.6990
Microsoft Security Essentials  VirTool:Win32/Injector.gen!EX   1.10701
MicroWorld eScan               Trojan.Dropper.Boran.XMP        15.0.0.825
NANO AntiVirus                 Trojan.Win32.Slym.dbddxf        0.28.0.60577
Norman                         Injector.GUGO                   11.20141002
nProtect                       Trojan.Dropper.Boran.XMP        14.07.04.01
Panda Antivirus                Trj/Genetic.gen                 14.10.02.04
Qihoo 360 Security             Win32/Trojan.BO.094             1.0.0.1015
Sophos                         Mal/Generic-S                   4.98
SUPERAntiSpyware               Trojan.Agent/Gen-Ransom         10325
Total Defense                  Win32/Inject.ZXPdKK             37.0.11039
Trend Micro House Call         TROJ_UPATRE.SMN0                7.2.275
Trend Micro                    TROJ_UPATRE.SMN0                10.465.02
Vba32 AntiVirus                BScope.Malware-Cryptor.Hlux     3.12.26.3
VIPRE Antivirus                Trojan.Win32.Generic            30978
Zillya! Antivirus              Trojan.Zbot.Win32.157876        2.0.0.1845

File size:
110.5 KB (113,168 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmp1ad1.exe

File PE Metadata
Compilation timestamp:
6/3/2014 6:08:33 PM

OS version:
0.257

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:kHVbHdlNh9RhkzM0rv5LE1U8R/T0sVy8Lg9SNWKzLptjX05/g8M:6Vb9lT9szMsRcwsY8LgHKzLpp0+8M

Entry address:
0x93B8

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Code size:
16 MB (16,814,080 bytes)
