tmp1e3a.exe

Editor

The executable tmp1e3a.exe has been detected as malware by 27 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Product:
Editor

Version:
1, 0, 0, 1

MD5:
c3f901578f31f79969f75974ee62f1fe

SHA-1:
84d0f8b58fbba3109efeae8a43bfa291c64f6b60

SHA-256:
28048e2aab9b895074be71d2c85b71cba26906c466efdbcefdec9bb08b1406f7

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/24/2024 1:57:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11310896 | 856 |
| Agnitum Outpost | TrojanSpy.Zbot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 14.10.02 |
| Avira AntiVirus | TR/Crypt.ZPACK.82127 | 7.11.151.92 |
| avast! | Win32:Injector-BTL [Trj] | 2014.9-141002 |
| AVG | Downloader.Generic13 | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.14102 |
| Bitdefender | Trojan.Generic.11310896 | 1.0.20.1375 |
| Dr.Web | Trojan.Mayachok.18806 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Trojan.Generic.11310896 | 8.14.10.02.04 |
| ESET NOD32 | Win32/TrojanDownloader.Agent.AGV | 8.9843 |
| Fortinet FortiGate | W32/Zbot.AGV!tr | 10/2/2014 |
| F-Secure | Trojan.Generic.11310896 | 11.2014-02-10_5 |
| G Data | Trojan.Generic.11310896 | 14.10.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan-Downloader | 13.178.12184 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3164 |
| Malwarebytes | Spyware.Zbot.ED | v2014.10.02.04 |
| McAfee | Downloader-FYH!C3F901578F31 | 5600.6990 |
| MicroWorld eScan | Trojan.Generic.11310896 | 15.0.0.825 |
| Norman | Troj_Generic.UASTY | 11.20141002 |
| nProtect | Trojan.Generic.11310896 | 14.05.23.01 |
| Panda Antivirus | Suspicious file | 14.10.02.04 |
| Qihoo 360 Security | Win32/Trojan.Downloader.fbc | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBB01EN14 | 7.2.275 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29548 |

File size:
132 KB (135,172 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2014

Original file name:
Editor.exe

File type:
Executable application (Win64 EXE)

Language:
Spanish (Mexico)

Common path:
C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmp1e3a.exe

File PE Metadata
Compilation timestamp:
5/6/2014 6:55:35 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:xsyf6cnzFY1PorwS3inL9Q7Pa9v+bQqgFC:GJczG1w0S3UvofgFC

Entry address:
0xAA54

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
Code size:
44 KB (45,056 bytes)