tmpa35f.exe

Sgaloppine

ICOFX SOFTWARE SRL

The application tmpa35f.exe by ICOFX SOFTWARE SRL has been detected as a potentially unwanted program by 29 anti-malware scanners.
Publisher:
The Eraser Project (signed by ICOFX SOFTWARE SRL)

Product:
Sgaloppine

Version:
1.01

MD5:
409c00e9e194e9dc66856d5573fdf687

SHA-1:
7d93bc82089f0b9af5aae8cf2badafd271a6f524

SHA-256:
d597284cccc0a778d80b942df6562437707c003afbcc5509456b30b0ce336608

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 10:33:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.125412 | 6383201
Agnitum Outpost | Trojan.Muref | 7.1.1
AhnLab V3 Security | Trojan/Win32.Boaxxe | 2015.02.16
Avira AntiVirus | TR/Dropper.VB.27781 | 7.11.210.118
avast! | Win32:Trojan-gen | 150203-1
AVG | Generic36 | 2016.0.3197
Bitdefender | Gen:Variant.Zusy.125412 | 1.0.20.235
Dr.Web | Trojan.Siggen6.23087 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Zusy.125412 | 9.0.0.4799
ESET NOD32 | Win32/Boaxxe.BR trojan | 7.0.302.0
Fortinet FortiGate | W32/Muref.BR!tr | 2/16/2015
F-Secure | Gen:Variant.Zusy.125412 | 5.13.68
G Data | Gen:Variant.Zusy.125412 | 15.2.25
IKARUS anti.virus | Trojan.Win32.Boaxxe | t3scan.1.8.6.0
K7 AntiVirus | Unwanted-Program | 13.194.14971
Kaspersky | Trojan.Win32.Muref | 15.0.0.543
Malwarebytes | Trojan.Dorkbot.ED | v2015.02.16.05
McAfee | Trojan.Trojan-FFRC!409C00E9E194 | 16.8.708.2
Microsoft Security Essentials | Threat.Undefined | 1.191.5056.0
MicroWorld eScan | Gen:Variant.Zusy.125412 | 16.0.0.141
Panda Antivirus | Trj/CI.A | 15.02.16.05
Reason Heuristics | Trojan.Boaxxe.ET (M) | 16.10.12.21
Sophos | Mal/Generic-S | 4.98
Total Defense | Win32/Miuref.MULBfMB | 37.0.11444
Trend Micro House Call | TROJ_GEN.R028C0DBA15 | 7.2.47
Trend Micro | TROJ_GEN.R028C0DBA15 | 10.465.16
Vba32 AntiVirus | TScope.Trojan.VB | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 36694
Zillya! Antivirus | Trojan.Muref.Win32.41 | 2.0.0.2068

File size:
202.1 KB (206,968 bytes)

Product version:
1.01

Copyright:
Sgaloppine

Trademarks:
Sgaloppine

Original file name:
Sgaloppine.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\ProgramData\microsoft\secure\icons\temp\tmpa35f.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/3/2013 5:00:00 PM

Valid to:
2/4/2016 4:59:59 PM

Subject:
CN=ICOFX SOFTWARE SRL, O=ICOFX SOFTWARE SRL, STREET=str. Teilor nr. 10 sc. 2 ap. 24, L=Floresti, S=Cluj, PostalCode=407280, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE9F0854CD6936A239D0FF5B81756164

File PE Metadata
Compilation timestamp:
10/27/2014 1:26:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:t8bgblQ6q9QYKsjnlzRStUasxqOd/Em9Rqa:t8qlQ6ijFdJb

Entry address:
0x12F0

Entry point:
68, 68, 3A, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, A0, 2E, 0B, 08, B0, 75, A1, 44, 80, 09, 92, C2, 7C, 5B, E3, 3B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 76, 65, 72, 66, 61, 68, 4D, 6F, 6E, 64, 66, 61, 68, 72, 74, 70, 72, 6F, 67, 72, 61, 6D, 6D, 65, 00, 20, 20, 20, 20, 20, 00, 00, 00, 00, FF, CC, 31, 00, 10, FD, 71, F5, 29, DC, F6, 8D, 41, 93, A9, 72, E9, E6, B9, 1D, 3E, 47, F8, E6, 18, A3, 0B, 60, 40, A3, D7, CD, 86, 8E, 2C, 86, F5, 3A, 4F, AD...

Entropy:
6.4336

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
160 KB (163,840 bytes)
