tmp8861.exe

Microsoft Office Help Viewer

The file properties state that the file was developed by 'Microsoft Corporation', but this is not the case: it is designed to look like a legitimate Microsoft system file. The executable tmp8861.exe has been detected as malware by 16 anti-virus scanners.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft Office Help Viewer

Version:
12.0.6606.1000

MD5:
54ef0267b11bafaf13cb40effb9d404e

SHA-1:
2c220e7f3891bab9a040a7a09ccf626f644b343c

SHA-256:
204d6925baf520da1ada779f310c60c50da4769a1ff13bd57973bf540bde6d2b

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/16/2024 10:09:05 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Agent.BFES | 856 |
| AhnLab V3 Security | Trojan/Win32.Zbot | 2014.09.10 |
| Avira AntiVirus | TR/Crypt.ZPACK.96672 | 7.11.171.110 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141002 |
| Bitdefender | Trojan.Agent.BFES | 1.0.20.1375 |
| Emsisoft Anti-Malware | Trojan.Agent.BFES | 8.14.10.02.04 |
| ESET NOD32 | Win32/Boaxxe.BR | 8.10389 |
| F-Secure | Trojan.Agent.BFES | 11.2014-02-10_5 |
| G Data | Trojan.Agent.BFES | 14.10.24 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3164 |
| Malwarebytes | Trojan.FakeMS.ED | v2014.10.02.04 |
| McAfee | Artemis!54EF0267B11B | 5600.6990 |
| MicroWorld eScan | Trojan.Agent.BFES | 15.0.0.825 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32954 |

File size:
122.5 KB (125,440 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
clview.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmp8861.exe

File PE Metadata
Compilation timestamp:
11/1/2014 7:30:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:AHG27D8yRW90DUbDF2LUHetui55IVK7OMUuAv+:y7X4CqAwHetmKqM

Entry address:
0x11B0

Entry point:
55, 8B, EC, 83, EC, 0C, 6A, 00, FF, 15, D0, 31, 41, 00, 6A, 00, FF, 15, D4, 31, 41, 00, 6A, 00, FF, 15, D8, 31, 41, 00, 6A, 00, FF, 15, DC, 31, 41, 00, 8B, 45, FC, 50, FF, 15, E0, 31, 41, 00, 8B, 4D, FC, 69, C9, D7, 01, 00, 00, 89, 4D, FC, 68, D7, 10, 00, 00, 6A, 00, FF, 15, F8, 31, 41, 00, 85, C0, 74, 07, 33, C0, E9, 41, 02, 00, 00, 6A, 00, FF, 15, 50, 30, 41, 00, 8B, 55, FC, 81, EA, 7A, 01, 00, 00, 89, 55, FC, 8B, 45, FC, 05, 90, 0C, 00, 00, 89, 45, FC, 8B, 4D, FC, 51, FF, 15, E4, 31, 41, 00, 8B, 55, FC...
Developed / compiled with:
Microsoft Visual C++

Code size:
71 KB (72,704 bytes)
