» trz3829.tmp
Overview
Analysis
File Details

trz3829.tmp

Product Downloader

The file trz3829.tmp by Product Downloader has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

trz3829.tmp

Publisher:

Product Downloader (signed and verified)

MD5:

4c02c01d2a9a8154a8b2d916853f0abc

SHA-1:

606b862fe09b1a713dab3ce9716db0f6b5c69908

SHA-256:

6208ad281ba8c5f9ebc47ef35aebe7e5ed9fd9f1a2c4f4ed01489dcaa03f51b4

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/28/2024 1:36:57 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallMonetizer (M)

16.8.9.2

File size:

772.5 KB (791,088 bytes)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\trz3829.tmp

Digital Signature

Signed by:

Product Downloader

Authority:

COMODO CA Limited

Valid from:

10/9/2015 2:00:00 AM

Valid to:

10/9/2016 1:59:59 AM

Subject:

CN=Product Downloader, O=Product Downloader, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

08D30BBE7CFCAFD1947E3DCD8C005E9B

File PE Metadata

Compilation timestamp:

12/5/2009 11:52:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:F7bEdni7Ccb4DUZDIIHscLOlJd5A8J0wbJd5A8Y:RwniwAJssOlSq/bSl

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove trz3829.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.