tmp39f3.exe

Trojan Killer

Gridinsoft, LLC

The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is installed with Trojan Killer. The file has been seen downloaded from cdn.trojan-killer.com and multiple other hosts.
Publisher:
GridinSoft LLC  (signed by Gridinsoft, LLC)

Product:
Trojan Killer

Description:
GridinSoft Trojan Killer Setup

Version:
2.2.5.3

MD5:
90fefdd221ed3e76454765f2bdd51e1a

SHA-1:
b4fc73f58c7c3f34bb6dba7078feee6ce9c3a89f

SHA-256:
7d41907d19655b6fc7944574b432e0553e1a30d16eaef938afeb27d406a1fcb9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/27/2018 1:08:56 AM UTC

File size:
52.5 MB (55,080,024 bytes)

Copyright:
Copyright © 2003-2014, GridinSoft LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\tmp39f3.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/12/2011 3:30:00 AM

Valid to:
1/13/2015 3:29:59 AM

Subject:
CN="Gridinsoft, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Gridinsoft, LLC", L=Kiev, S=Kiev, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
065DF919B8A90A37DEB26750CBB3BBD3

File PE Metadata
Compilation timestamp:
12/6/2009 2:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:xHM9YvumssxWIm+zZijgJJp8Zz+sQG9UV0acLU3FJ5vT7wjD4wTU9cTqsu9M:xHM9XENm+zwjg65UG9UVfpvT7eMcD/

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
8.0000

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file tmp39f3.exe has been discovered within the following program.

Trojan Killer  by Gridinsoft LLC
Publisher's description - “Developed specifically for automatic removal of viruses, bots, spyware, keyloggers, trojans, scareware and rootkits without the need to manually edit system files or registry, Trojan Killer additionally fixes system modifications that were introduced by malware and which, regretfully, are often ignored by some popular antivirus scanners.”
trojan-killer.com
3% remove it
 

The file tmp39f3.exe has been seen being distributed by the following 2 URLs.
