tmp8cfd.tmp

Korea Network Technology Co., Ltd

The file tmp8cfd.tmp by Korea Network Technology Co. has been detected as a potentially unwanted program by 8 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Korea Network Technology Co., Ltd  (signed and verified)

MD5:
a045fc52277ca50bf606d29edd9e7835

SHA-1:
b2514ffbcbe9389b9fd180cdabedffe3d4253f2a

SHA-256:
d5dec0a047f02a85caa0a2ee724e50b0cd14b5dc98e6c4979163294d2f67c681

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:39:30 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.RP.EHX@aOEO6mpb | 5805142
Bitdefender | Gen:Trojan.Heur.RP.EHX@aOEO6mpb | 1.0.20.1615
Bkav FE | HW32.Packed | 1.3.0.4959
Emsisoft Anti-Malware | Gen:Trojan.Heur.RP.EHX@aOEO6mpb | 8.14.11.19.11
F-Secure | Gen:Trojan.Heur.RP.EHX@aOEO6mpb | 11.2014-19-11_4
G Data | Gen:Trojan.Heur.RP.EHX@aOEO6mpb | 14.11.24
MicroWorld eScan | Gen:Trojan.Heur.RP.EHX@aOEO6mpb | 15.0.0.969
Reason Heuristics | PUP.KoreaNetworkTechnologyCo.K | 14.11.21.23

File size:
1.5 MB (1,544,104 bytes)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\tmp8cfd.tmp

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/3/2013 9:00:00 AM

Valid to:
12/3/2014 8:59:59 AM

Subject:
CN="Korea Network Technology Co., Ltd", O="Korea Network Technology Co., Ltd", L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AB67B7C76D88A5693C0C48E34DA770B

File PE Metadata
Compilation timestamp:
10/10/2014 1:14:52 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:RXg5UPoeKcqMuaNYcdWaTEbOb/1YLm2TAFasPr9wKGsQJtxgTWyq0y+w:m5UPoJcqMaETEbOhfksPr+bsqgqMo

Entry address:
0x2D2C26

Entry point:
9C, 54, FF, 34, 24, C7, 44, 24, 08, FA, 1F, 52, 25, 66, 89, 6C, 24, 04, 68, 78, 9C, 20, F7, 52, C7, 44, 24, 0C, DE, 47, BF, 60, 51, C6, 04, 24, 1B, 9C, 8D, 64, 24, 14, E9, F0, C7, 00, 00, 55, 53, 45, 52, 33, 32, 2E, 64, 6C, 6C, 00, E8, 81, EA, E9, FF, 60, 8D, 64, 24, 20, E9, B3, 7C, 00, 00, DC, 40, 0E, 57, 0B, BB, B4, 3A, EE, F3, 6E, 6B, 36, 4E, 15, 0F, D2, DE, B5, DB, 86, 96, 4D, 7F, 52, 66, 0D, 57, 1A, 22, F1, AF, C9, C4, 18, 96, 4A, B7, AF, E6, 58, 81, 71, C0, 37, F5, CC, 03, EC, 75, 06, 4B, 29, F9, 3C...

Entropy:
7.8348  (probably packed)

Code size:
20 KB (20,480 bytes)
