tmps.exe

Install-Tech

The application tmps.exe by Install-Tech has been detected as adware by 28 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
Install-Tech  (signed and verified)

MD5:
934cf1c4aae41366f642f771255697c1

SHA-1:
cc3d5199f6b46024a380b5691b59c4c8c4597427

SHA-256:
ea8820916f80db1b690643948114b025a9461248e9935f65eeed063be7fa123d

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
4/26/2024 2:20:58 PM UTC

Scan engine             Detection                                   Engine version
Lavasoft Ad-Aware       Trojan.Generic.11267013                     964
Agnitum Outpost         Trojan.Badur                                7.1.1
AhnLab V3 Security      Trojan/Win32.Downloader                     14.06.16
Avira AntiVirus         TR/Dldr.Agent.312408.2                      7.11.149.244
avast!                  Win32:Agent-ATNM [Trj]                      2014.9-140616
AVG                     Downloader.Agent2                           2015.0.3442
Baidu Antivirus         Trojan.Win32.Generic                        4.0.3.14616
Bitdefender             Trojan.Generic.11267013                     1.0.20.835
Comodo Security         TrojWare.Win32.TrojanDownloader.Agent.AOB   18281
Emsisoft Anti-Malware   Trojan.Generic.11267013                     8.14.06.16.08
Fortinet FortiGate      W32/Genome.ALF!tr.dldr                      6/16/2014
F-Secure                Trojan.Generic.11267013                     11.2014-16-06_2
G Data                  Trojan.Generic.11267013                     14.6.24
IKARUS anti.virus       Trojan-Downloader.Win32.Genome              t3scan.1.6.1.0
K7 AntiVirus            Trojan-Downloader                           13.177.12101
Kaspersky               HEUR:Trojan.Win32.Generic                   14.0.0.3703
Malwarebytes            Trojan.Downloader                           v2014.06.16.08
McAfee                  Artemis!934CF1C4AAE4                        5600.7098
MicroWorld eScan        Trojan.Generic.11267013                     15.0.0.501
NANO AntiVirus          Trojan.Win32.Genome.cxhrhg                  0.28.0.59911
Norman                  Genome.CERT                                 11.20140616
nProtect                Trojan.Generic.11267013                     14.05.15.01
Panda Antivirus         Generic Malware                             14.06.16.08
Qihoo 360 Security      Win32/Trojan.e6d                            1.0.0.1015
Reason Heuristics       PUP.InstallTech.E                           14.6.16.8
Sophos                  Mal/Generic-S                               4.98
SUPERAntiSpyware        Trojan.Agent/Gen-Badur                      10540
Vba32 AntiVirus         TrojanDownloader.Genome                     3.12.26.0

File size:
305.1 KB (312,408 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\tmps.exe

Digital Signature
Signed by:

Authority:
Install-Tech CA

Valid from:
4/28/2014 6:02:20 PM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=Install-Tech

Issuer:
CN=Install-Tech CA

Serial number:
D5C9E948FB65E39646E0D90E4FE17BF6

File PE Metadata
Compilation timestamp:
5/4/2014 9:52:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:DUAkCAVTvDi+O2mwbEueavSHp+M/+g6IEAU4fb4Kjj+AdGR+X+ecP4IDjUU:DUA7AlvowEueySHm4fbb++XfcP4IDjUU

Entry address:
0x1CB88

Entry point:
E8, 0E, 80, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 9C, 15, 44, 00, 75, 02, F3, C3, E9, B9, 81, 00, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, AC, 67, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, C4, 50, 43, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F...
Code size:
205.5 KB (210,432 bytes)