» tmpf25a.exe
Overview
Analysis
File Details
Behaviors (1)

tmpf25a.exe

Saline

ICOFX SOFTWARE SRL

The application tmpf25a.exe by ICOFX SOFTWARE SRL has been detected as a potentially unwanted program by 23 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Igtsoft’.

File name:

tmpf25a.exe

Publisher:

The Eraser Project (signed by ICOFX SOFTWARE SRL)

Product:

Saline

Version:

7.06.0002

MD5:

666321dabf3cb0d1c68ada766a79c33e

SHA-1:

ef1727d1b1cf95332a01eac8cedb00b9c292020a

SHA-256:

3d3e6b1fea17a5dbb5fb33133d6465d8bf9c41bdb7cacab7e1f26ece913d5624

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 12:00:26 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2135106

6465596

AhnLab V3 Security

Trojan/Win32.Miuref

2015.02.07

Avira AntiVirus

TR/Dropper.VB.27598

7.11.208.88

avast!

Win32:Malware-gen

150129-1

AVG

Inject2

2016.0.3206

Bitdefender

Trojan.GenericKD.2135106

1.0.20.190

Emsisoft Anti-Malware

Trojan.GenericKD.2135106

9.0.0.4799

ESET NOD32

Win32/Injector.BTUC trojan

7.0.302.0

F-Secure

Trojan.GenericKD.2135106

5.13.68

G Data

Trojan.GenericKD.2135106

15.2.25

K7 AntiVirus

Unwanted-Program

13.193.14895

Kaspersky

Trojan.Win32.Muref

15.0.0.543

Malwarebytes

Trojan.Dorkbot.ED

v2015.02.07.03

McAfee

Trojan.Artemis!666321DABF3C

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.191.3929.0

MicroWorld eScan

Trojan.GenericKD.2135106

16.0.0.114

nProtect

Trojan.GenericKD.2135106

15.02.06.01

Panda Antivirus

Trj/Chgt.O

15.02.07.03

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1015

Quick Heal

Trojan.Muref.r3

2.15.14.00

Total Defense

Win32/Miuref.XKTXGID

37.0.11426

VIPRE Antivirus

Threat.4150696

37240

Zillya! Antivirus

Trojan.Muref.Win32.35

2.0.0.2056

File size:

190.1 KB (194,680 bytes)

Product version:

7.06.0002

Saline

Trademarks:

Saline

Original file name:

Saline.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Taiwanese)

Common path:

C:\users\{user}\appdata\local\igtsoft\tmpf25a.exe

Digital Signature

Signed by:

ICOFX SOFTWARE SRL

Authority:

COMODO CA Limited

Valid from:

2/4/2013 1:00:00 AM

Valid to:

2/5/2016 12:59:59 AM

Subject:

CN=ICOFX SOFTWARE SRL, O=ICOFX SOFTWARE SRL, STREET=str. Teilor nr. 10 sc. 2 ap. 24, L=Floresti, S=Cluj, PostalCode=407280, C=RO

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DE9F0854CD6936A239D0FF5B81756164

File PE Metadata

Compilation timestamp:

9/24/2014 12:08:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:9L0bB4mwOjzS8xjlNwWv4HFXs2c2MZD92L0NeY7c9uZ7:l0b13j2UnCs277Loee

Entry address:

0x12E4

Entry point:

68, DC, 25, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 33, 1E, 9E, A8, C7, 57, D1, 42, BA, 61, 46, B6, 7E, 59, 73, B3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 72, 62, 6F, 74, 65, 6E, 62, 65, 73, 74, FC, 72, 7A, 65, 6E, 64, 65, 73, 00, 20, 20, 20, 00, 00, 00, 00, FF, CC, 31, 00, 10, 11, C7, 14, 4D, 28, 16, 6E, 46, 99, 87, 30, D9, 54, 4A, 98, BE, ED, A8, 89, AC, 86, 04, D7, 42, A9, 8D, 6D, 13, 63, E7, 88, A8, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

148 KB (151,552 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Igtsoft

Command:

C:\users\{user}\appdata\local\igtsoft\tmpf25a.exe

Remove tmpf25a.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.