tmp411d.tmp.exe

The executable tmp411d.tmp.exe has been detected as malware by 29 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘aoirgjiergjepijgierjgipejrgiejrge’. The file has been seen being downloaded from 61055875-866111160821565096.preview.editmysite.com.
Version: 0.0.0.0

MD5: 2a86d107e9fccab7382c3743b1a7bb5e

SHA-1: 83cee918961c74e0c9f4b214d9678f17530f31e5

SHA-256: 7e177e2425e0f346cdd6e2fddf9e2a509b167d6cff10fbafff5542f2128f17a9

Scanner detections: 29 / 68

Status: Malware

Analysis date: 7/9/2025 4:44:27 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.766775 | 362 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2016.01.01 |
| Avira AntiVirus | TR/Dropper.MSIL.234437 | 8.3.2.4 |
| Arcabit | Trojan.Kazy.DBB337 | 1.0.0.637 |
| avast! | Win32:Malware-gen | 2014.9-160207 |
| Baidu Antivirus | Trojan.MSIL.Tiny | 4.0.3.1627 |
| Bitdefender | Gen:Variant.Kazy.766775 | 1.0.20.190 |
| Comodo Security | UnclassifiedMalware | 23890 |
| Dr.Web | Trojan.DownLoader18.5742 | 9.0.1.038 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.766775 | 8.16.02.07.09 |
| ESET NOD32 | MSIL/TrojanDownloader.Tiny.MX (variant) | 10.12804 |
| Fortinet FortiGate | MSIL/Tiny.MX!tr.dldr | 2/7/2016 |
| F-Secure | Gen:Variant.Kazy.766775 | 11.2016-07-02_1 |
| G Data | Gen:Variant.Kazy.766775 | 16.2.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Tiny | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.212.18285 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.696 |
| Malwarebytes | Trojan.Agent.MSIL | v2016.02.07.09 |
| McAfee | RDN/Generic.bfr | 5600.6496 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Lorozoad!rfn | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Kazy.766775 | 17.0.0.114 |
| NANO AntiVirus | Trojan.Win32.Tiny.dzbxgx | 1.0.14.5380 |
| Panda Antivirus | Trj/GdSda.A | 16.02.07.09 |
| Quick Heal | TrojanDownloader.Lorozoad.r3 | 2.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16205 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R00XC0DLA15 | 10.465.07 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46198 |

File size: 4.5 KB (4,608 bytes)

Product version: 0.0.0.0

Original file name: dddd.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

Common path: C:\users\{user}\appdata\local\temp\tmp411d.tmp.exe

File PE Metadata

Compilation timestamp: 11/23/2015 11:57:07 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

.NET CLR dependent: Yes

CTPH (ssdeep): 48:6o/ujJ56UqXEKhucOLQ+FFCPgZSHcvoVg+TVhtWmeyadtD56QLLOulZqG4q:P2d4sqKCPgZSHxVgMhtvadtrLNuG

Entry address: 0x299E

Entry point (first bytes): FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00...

Entropy: 3.7658

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 2.5 KB (2,560 bytes)

Startup File (User Run)

Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: aoirgjiergjepijgierjgipejrgiejrge

Command: C:\users\{user}\appdata\roaming\svchost.exe


The file tmp411d.tmp.exe has been seen being distributed by the following URL.