home

tmpf5c6.exe

Laufzeitbeschränkung4

6 Wunderkinder GmbH

Publisher:
Lostramo  (signed by 6 Wunderkinder GmbH)

Product:
Laufzeitbeschränkung4

Description:
Lostramo

Version:
8.08

MD5:
1352db35407d1360b5bc077e5299c24b

SHA-1:
7af2b49cd7b35c45ca3476cf43ed098471faa7d5

SHA-256:
3c9b6be853e5bac5bdae3e171b379ba2e398c89e2719ad08bbc6fd9a2bade41b

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/4/2024 2:11:30 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Injector.CSVH trojan
8.0.319.0

File size:
183.2 KB (187,552 bytes)

Product version:
8.08

Original file name:
Lostramo.exe

File type:
Executable application (Win32 EXE)

Language:
Árabe (Arabia Saudí)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\tmpf5c6.exe

Digital Signature
Signed by:
6 Wunderkinder GmbH

Authority:
Symantec Corporation

Valid from:
1/7/2016 5:00:00 PM

Valid to:
2/6/2017 4:59:59 PM

Subject:
CN=6 Wunderkinder GmbH, O=6 Wunderkinder GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
36C84D4A1289E42DE51C84FAD2683E03

File PE Metadata
Compilation timestamp:
2/22/2016 12:55:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:aG2JEzO92QX0Axasacenhb19qcVQnjNTxZo3KO4/kfqXurwlC0j:caS92QX0BPc65UnBxZ2Kt/kSurw

Entry address:
0x28F4

Entry point:
68, C8, 6F, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 23, B4, 13, DA, AA, 2D, 34, 47, A1, 17, 5B, 85, 7C, E9, 84, B4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 00, 06, 50, 83, 02, 42, 75, 73, 62, 65, 67, 6C, 65, 69, 74, 75, 6E, 67, 65, 6E, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, B2, 13, 80, D3, 36, 9A, 4E, 41, 98, F1, CF, BE, 2D, 38, 90, FA, E8, BD, 00, B8, 52, 5A, F2, 4A, A5, D8, E5, B1, 6C, FE, EC, 32, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
6.4441

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
156 KB (159,744 bytes)

Scan tmpf5c6.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.