tmp3983.exe

ThreatTrack Security, Inc.

The executable tmp3983.exe has been detected as malware by 31 anti-virus scanners.
Publisher:
ZALAN  (signed by ThreatTrack Security, Inc.)

Product:
ZALAN

Version:
0.00.0001

MD5:
997a95326f05d233edbcf80677858275

SHA-1:
23957c501a0ba0133d44e668ab9f111a8b7b0a1c

SHA-256:
284d69a8da26d6325459e72704f6cd05ec28e3798d2d5ba9a30a1f381b3031ba

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/26/2024 11:00:25 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.56098 | 367 |
| Agnitum Outpost | Trojan.Boaxxe | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Miuref | 2015.09.24 |
| Avira AntiVirus | TR/Dropper.VB.35398 | 8.3.2.2 |
| Arcabit | Trojan.Symmi.DDB22 | 1.0.0.567 |
| avast! | Win32:Malware-gen | 2014.9-160203 |
| AVG | Atros2 | 2017.0.2845 |
| Baidu Antivirus | Trojan.Win32.Boaxxe | 4.0.3.1623 |
| Bitdefender | Gen:Variant.Symmi.56098 | 1.0.20.170 |
| Dr.Web | Trojan.Siggen6.38594 | 9.0.1.034 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.56098 | 8.16.02.03.02 |
| ESET NOD32 | Win32/Boaxxe.BR | 10.12296 |
| Fortinet FortiGate | W32/Boaxxe.BR!tr | 2/3/2016 |
| F-Secure | Gen:Variant.Symmi.56098 | 11.2016-03-02_4 |
| G Data | Gen:Variant.Symmi.56098 | 16.2.25 |
| IKARUS anti.virus | Trojan.Win32.Boaxxe | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.210.17314 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.720 |
| Malwarebytes | Trojan.Downloader | v2016.02.03.02 |
| McAfee | Miuref-FAA!997A95326F05 | 5600.6501 |
| Microsoft Security Essentials | Trojan:Win32/Miuref.F | 1.1.12101.0 |
| MicroWorld eScan | Gen:Variant.Symmi.56098 | 17.0.0.102 |
| NANO AntiVirus | Trojan.Win32.Siggen6.dxggly | 0.30.26.3725 |
| Panda Antivirus | Trj/CI.A | 16.02.03.02 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-VB | 9347 |
| Trend Micro | TROJ_GEN.R0C1C0DI815 | 10.465.03 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44012 |
| ViRobot | Trojan.Win32.Agent.151440[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Boaxxe.Win32.11222 | 2.0.0.2412 |

File size:
147.9 KB (151,440 bytes)

Product version:
0.00.0001

Original file name:
ZALAN.exe

File type:
Executable application (Win32 EXE)

Language:
Arabic (Libya)

Common path:
C:\ProgramData\microsoft\performance\monitor\temp\tmp3983.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/14/2013 2:00:00 AM

Valid to:
7/22/2015 2:00:00 PM

Subject:
CN="ThreatTrack Security, Inc.", O="ThreatTrack Security, Inc.", L=Clearwater, S=Florida, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
09D4BCAF771ADF6588CF63A3A3A12C31

File PE Metadata
Compilation timestamp:
4/4/2015 4:02:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:3obNlbIt0km3tYNhT4fzEpCzcvOlm3BKVezoQWTLg2IT1+d4+wVuO:uy0kPHFCzcGlm3sVekaVPf

Entry address:
0x12FC

Entry point:
68, 64, 30, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, FD, AC, FE, BB, AC, B0, 96, 49, 8D, DD, 10, 6A, 20, DA, 86, BC, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 59, 02, 83, 00, 00, 00, 50, 68, 61, 72, 6D, 61, 6B, 6F, 6E, 7A, 65, 72, 6E, 30, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0E, 63, 9D, F2, D4, 4A, B4, B6, 4E, 88, D1, A0, C8, BD, EE, 87, 03, B2, C9, 2F, 4A, 8A, EC, 8D, 4D, A9, AF, B9, B7, C1, 11, 8C, F7, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
7.0782

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
124 KB (126,976 bytes)
