tmp5c42.exe

Advanced display monitor properties

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable tmp5c42.exe, “Advanced display monitor properties”, has been detected as malware by 32 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Advanced display monitor properties

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
15f263775553296d859145b34105cf41

SHA-1:
dab35c2a3c5e8d201a4a7b8f2846bf4e821d9016

SHA-256:
37656136bcf7384c58b7e2e1892da56c77e2c35dfb99a99017ed46400a39a1f3

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/25/2024 9:28:48 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.384503 | 856
Agnitum Outpost | Trojan.Symmi | 7.1.1
AhnLab V3 Security | Trojan/Win32.Gen | 2014.06.17
Avira AntiVirus | TR/Crypt.Xpack.43633 | 7.11.155.58
avast! | Win32:FiestaEK-L [Trj] | 2014.9-141002
AVG | Crypt3 | 2015.0.3334
Baidu Antivirus | Trojan.Win32.Redyms | 4.0.3.14102
Bitdefender | Gen:Variant.Kazy.384503 | 1.0.20.1375
Dr.Web | Trojan.Packed.26783 | 9.0.1.0275
Emsisoft Anti-Malware | Gen:Variant.Kazy.384503 | 8.14.10.02.04
ESET NOD32 | Win32/Redyms.AG | 8.9955
Fortinet FortiGate | W32/Agent.AG!tr | 10/2/2014
F-Prot | W32/Backdoor2.HUTL | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.384503 | 11.2014-02-10_5
G Data | Gen:Variant.Kazy.384503 | 14.10.24
IKARUS anti.virus | Trojan.Crypt3 | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.1712422
Kaspersky | Trojan.Win32.Agent | 14.0.0.3164
Malwarebytes | Trojan.FakeMS | v2014.10.02.04
McAfee | RDN/Generic.dx!dcb | 5600.6990
Microsoft Security Essentials | Trojan:Win32/Dynamer | 1.10600
MicroWorld eScan | Gen:Variant.Kazy.384503 | 15.0.0.825
NANO AntiVirus | Trojan.Win32.Agent.cyvzdk | 0.28.0.60253
Norman | Troj_Generic.UANPB | 11.20141002
Panda Antivirus | Trj/Genetic.gen | 14.10.02.04
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Quick Heal | Trojan.Agen.r7 | 10.14.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R0CBC0PEM14 | 7.2.275
Trend Micro | TROJ_GEN.R0CBC0PEM14 | 10.465.02
Vba32 AntiVirus | Trojan.Agent.agkjr | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 30356

File size:
273.5 KB (280,064 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
deskmon.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmp5c42.exe

File PE Metadata
Compilation timestamp:
5/20/2014 9:29:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:U5h1i/aIXws1S6FrKzgG3Gp05CRB/Nq3/klLUHgDcyVldCv85HZ:KQa52DuIlWSHZ

Entry address:
0x19AD0

Entry point:
55, 8B, EC, B8, 70, 01, 00, 00, E8, E1, 31, 01, 00, A1, 6C, 67, 43, 00, 33, C5, 89, 45, B0, C7, 45, D4, 5C, 77, 69, 60, C6, 45, DF, 3F, C7, 45, E8, BB, 7C, 91, 6E, C6, 45, A3, FD, C6, 45, CB, 65, C7, 45, D8, 69, 7A, B0, 77, C7, 45, A4, F5, 35, EE, 38, C6, 45, E7, 5E, A1, D4, DD, 42, 00, 89, 45, A8, 8B, 0D, D8, DD, 42, 00, 89, 4D, AC, C7, 45, CC, D8, 92, EC, 32, FF, 15, D0, D0, 42, 00, 89, 45, F8, 8B, 55, F8, 89, 55, E0, 0F, B6, 05, 5A, 00, 43, 00, 85, C0, 74, 16, 0F, BE, 0D, C1, 00, 43, 00, 0F, BE, 15, 0E...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
176 KB (180,224 bytes)
