home

tmp55.exe

Nahrungstrieb

Ivan Yurievich Permyakov IP

The application tmp55.exe by Ivan Yurievich Permyakov IP has been detected as adware by 17 anti-malware scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Ivan Yurievich Permyakov IP  (signed and verified)

Product:
Nahrungstrieb

Description:
Atomanzahl5

Version:
1.04.0007

MD5:
95165a43ce03e6f884263c0bd8833db0

SHA-1:
f43634f6ffad6d4021d63bcf9a51663355f3d6e4

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
4/20/2024 1:30:07 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12226124
760

Avira AntiVirus
TR/Dropper.VB.24459
7.11.189.158

avast!
Win32:Dropper-gen [Drp]
2014.9-150105

AVG
Generic_vb
2016.0.3238

Baidu Antivirus
Trojan.Win32.Boaxxe
4.0.3.1515

Bitdefender
Trojan.Generic.12226124
1.0.20.25

Dr.Web
Trojan.Siggen6.23087
9.0.1.05

Emsisoft Anti-Malware
Trojan.Generic.12226124
8.15.01.05.08

ESET NOD32
Win32/Boaxxe.BR
9.10805

F-Secure
Trojan.Generic.12226124
11.2015-05-01_2

G Data
Trojan.Generic.12226124
15.1.24

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.2686

Malwarebytes
Spyware.Zbot.ED
v2015.01.05.08

MicroWorld eScan
Trojan.Generic.12226124
16.0.0.15

Qihoo 360 Security
Malware.QVM03.Gen
1.0.0.1015

Reason Heuristics
PUP.IvanYurievichPermyakovIP
15.2.14.11

VIPRE Antivirus
Trojan.Win32.Generic
35302

File size:
178.7 KB (182,944 bytes)

Product version:
1.04.0007

Copyright:
Fastnachtsbräuche

Trademarks:
Bongotrommel

Original file name:
Kriegsepochen Kindererziehungsleistung.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\microsoft\secure\icons\temp\tmp55.exe

Digital Signature
Signed by:
Ivan Yurievich Permyakov IP

Authority:
COMODO CA Limited

Valid from:
3/27/2012 3:00:00 AM

Valid to:
3/28/2013 1:59:59 AM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str, 194-236", L=Ekaterinburg, S=Sverdlovskaya oblast, PostalCode=620144, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7C90ECFD30D2E76C561C688CF7613F

File PE Metadata
Compilation timestamp:
2/6/2015 6:36:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:1Pd3vUPJ87LNxnDZ8woOR+smA3mxzLROe/aQd:1V3vUPJ8HvroOR+FOeyQd

Entry address:
0x10EC

Entry point:
68, BC, 98, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 61, 63, 52, 60, 8A, 90, 48, 4B, B4, 68, BA, 54, 3B, 3B, 6B, F8, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 41, 75, 66, 62, 61, 75, 63, 68, 72, 6F, 6E, 69, 6B, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, 59, D8, 6C, 33, D1, B5, 05, 4F, 85, 9C, B1, CC, 7A, 9E, A1, 72, 6C, D8, 99, 6E, D7, DD, 12, 42, B0, B4, 7D, B2, 70, 9D, AF, F0, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
156 KB (159,744 bytes)

Remove tmp55.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.