tmpea9c.exe

Bergaufstiege

DotFix Software

The executable tmpea9c.exe has been detected as malware by 3 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
DotFix Software  (signed and verified)

Product:
Bergaufstiege

Description:
Aufprallpunktes

Version:
8.05.0007

MD5:
0a8209d12f16f83c558ff42f913801ee

SHA-1:
351276320fdc435f9feb2a4c0c52cd5aef32a43c

SHA-256:
7601c2e6d7bd10d10a603e353aa86257626195961dce32ded0718579dec75f52

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/25/2024 9:13:24 PM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.VB.24336 | 7.11.189.70
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2878
Malwarebytes | Spyware.Zbot.ED | v2014.11.28.10

File size:
258.6 KB (264,848 bytes)

Product version:
8.05.0007

Copyright:
Blechbremsungen

Trademarks:
Bezirksligaverein0

Original file name:
Carbon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\microsoft\secure\icons\temp\tmpea9c.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/15/2012 7:00:00 AM

Valid to:
7/16/2013 6:59:59 AM

Subject:
CN=DotFix Software, O=DotFix Software, STREET=Nekrasova str. 7, L=Tula, S=Tulskaya obl., PostalCode=300045, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F3976D4C7DBBEE87A0D211C51894BA32

File PE Metadata
Compilation timestamp:
9/19/2014 11:06:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:4r88EsFzYUsKBH4skjHVK5KCHoDQh25OgqVJzFiq3KcDrY25E33WThf:GP5PsKejHVyYDQgOvz6cffE3GN

Entry address:
0x1264

Entry point:
68, 18, 18, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 60, D2, 19, 5F, E8, 5F, BE, 4A, BB, 21, BB, A2, F9, 59, D1, 4E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, E8, EF, F4, 02, 52, 61, 75, 6D, 66, 61, 68, 72, 74, 61, 62, 74, 65, 69, 6C, 75, 6E, 67, 65, 6E, 34, 00, F4, 02, 00, 00, 00, 00, FF, CC, 31, 00, 0F, 3D, 76, 9B, B1, 7B, 35, 16, 45, AB, AA, 88, F2, 90, 20, CA, AB, 08, 66, 27, 8B, A4, 9B, 14, 4E, 94, 65, 3D, 89, C1, 9B, CE, 98, 3A, 4F, AD...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
240 KB (245,760 bytes)
