» tmpd2da.exe
Overview
Analysis
File Details

tmpd2da.exe

The executable tmpd2da.exe has been detected as malware by 26 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

tmpd2da.exe

MD5:

97e7c0f4b79f9ffbf1a421e503e9a617

SHA-1:

24f04de5e7b923fbd9a313dd026bbc47e19bc46b

SHA-256:

ac95f6b57660f2f52066e4385ba5d9d77a0c853474441bb0b25e3bac12c1fa96

Scanner detections:

26 / 68

Status:

Malware

Analysis date:

4/27/2024 2:21:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Agent.BDJU

856

Agnitum Outpost

TrojanSpy.Zbot

7.1.1

AhnLab V3 Security

Dropper/Win32.Necurs

2014.06.11

Avira AntiVirus

TR/Crypt.Xpack.65038

7.11.154.60

avast!

Win32:Zbot-UAM [Trj]

2014.9-141002

AVG

Inject2

2015.0.3334

Bitdefender

Trojan.Agent.BDJU

1.0.20.1375

Bkav FE

W32.HoukecH.Trojan

1.3.0.4959

Dr.Web

Trojan.DownLoad3.32895

9.0.1.0275

Emsisoft Anti-Malware

Trojan.Agent.BDJU

8.14.10.02.04

ESET NOD32

Win32/Injector.BFHV (variant)

8.9924

F-Secure

Trojan.Agent.BDJU

11.2014-02-10_5

G Data

Trojan.Agent.BDJU

14.10.24

IKARUS anti.virus

Ransom.Win32.Reveton

t3scan.1.6.1.0

Kaspersky

Trojan-Spy.Win32.Zbot

14.0.0.3164

Malwarebytes

Spyware.Zbot.ED

v2014.10.02.04

McAfee

Artemis!97E7C0F4B79F

5600.6990

Microsoft Security Essentials

VirTool:Win32/CeeInject.gen!KK

1.10600

MicroWorld eScan

Trojan.Agent.BDJU

15.0.0.825

NANO AntiVirus

Trojan.Win32.Zbot.dahucr

0.28.0.60253

nProtect

Trojan.Agent.BDJU

14.06.10.01

Panda Antivirus

Trj/CI.A

14.10.02.04

Qihoo 360 Security

HEUR/Malware.QVM19.Gen

1.0.0.1015

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R08NH07F814

7.2.275

VIPRE Antivirus

Trojan.Win32.Generic

30164

File size:

106.5 KB (109,072 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\application data\microsoft\crypto\rsa64\temp\tmpd2da.exe

File PE Metadata

Compilation timestamp:

5/23/2014 5:36:28 AM

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:jiO//mqr/gRFMGSHE5E9j9KD5kdXN8iEDy1VomH//amJfYrfd0z3a1o2:jF//mA/gRFMGbE9ot+8iXH6mJwr4n2

Entry address:

0x330E

Entry point:

90, 8B, EC, 6A, 90, 68, 90, 00, 90, 00, 68, 70, 35, 40, 00, 64, A1, 90, 00, 00, 00, 90, 64, 89, 90, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, 90, 15, 0C, 42, 40, 00, 59, 83, 0D, 90, 80, 40, 00, FF, 83, 0D, 4C, 80, 40, 00, FF, FF, 15, 08, 42, 40, 00, 8B, 0D, 28, 80, 40, 00, 89, 08, FF, 15, 04, 42, 40, 00, 8B, 0D, 24, 90, 40, 00, 89, 08, A1, 00, 42, 40, 00, 8B, 00, A3, 44, 80, 40, 00, E8, 0D, FC, FF, FF, 39, 90, 20, 7D, 40, 00, 75, 0C, 68, 6C, 35, 40, 00, FF, 15... 
[+]

Code size:

12 KB (12,288 bytes)

Remove tmpd2da.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.