untb2f3.tmp.exe

CatalinaGroup Update

Catalina Group LTD

The application untb2f3.tmp.exe, “CatalinaGroup Update Setup” by Catalina Group has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory.
Publisher:
Catalina Group Ltd.  (signed by Catalina Group LTD)

Product:
CatalinaGroup Update

Description:
CatalinaGroup Update Setup

Version:
1.3.25.216

MD5:
a4eeb3604bce621ba1be25c6d9e2ccff

SHA-1:
84cf7170c4c430134f49da9d941792967f82f912

SHA-256:
e15f2e2db3eef5eec45c0fd43f20a77408d8166bfec1e53f5831f4940036b1b0

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 9:34:01 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.12761773 | 701 |
| Agnitum Outpost | Trojan.DownLoad | 7.1.1 |
| AhnLab V3 Security | Downloader/Win32.Agent | 2015.02.10 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| avast! | Win32:Malware-gen | 2014.9-150306 |
| AVG | Adware Skodna.Generic_r | 2016.0.3179 |
| Bitdefender | Trojan.Generic.12761773 | 1.0.20.325 |
| Clam AntiVirus | Win.Trojan.12761773 | 0.98/20153 |
| Dr.Web | Adware.Downware.9733 | 9.0.1.065 |
| Emsisoft Anti-Malware | Trojan.Generic.12761773 | 8.15.03.06.05 |
| F-Prot | W32/S-c6e01abf | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.12761773 | 11.2015-06-03_6 |
| G Data | Trojan.Generic.12761773 | 15.3.25 |
| herdProtect (fuzzy) | | 2015.6.12.20 |
| IKARUS anti.virus | PUA.Optional.Install | t3scan.1.8.6.0 |
| K7 AntiVirus | Riskware | 13.197.15026 |
| Kaspersky | Trojan-Dropper.Win32.Agent | 14.0.0.2389 |
| McAfee | GenericATG-FBEN!4B7E96A8B1BB | 5600.6835 |
| MicroWorld eScan | Trojan.Generic.12761773 | 16.0.0.195 |
| NANO AntiVirus | Trojan.Win32.DownLoad3.dmkcaz | 0.30.0.65070 |
| nProtect | Trojan.Generic.12761773 | 15.02.09.01 |
| Reason Heuristics | PUP.Installer.Catalina | 15.3.6.5 |
| Vba32 AntiVirus | Hoax.PornoBlocker | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 36694 |
| ViRobot | Worm.Win32.P2P-Palevo.C.Gen[h] | 2014.3.20.0 |
| Zillya! Antivirus | Dropper.Agent.Win32.179569 | 2.0.0.2059 |

File size:
712.6 KB (729,656 bytes)

Product version:
1.3.25.216

Copyright:
Copyright 2013 Catalina Group Ltd.

Original file name:
CatalinaUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\untb2f3.tmp.exe

Digital Signature
Authority:
Catalina Group LTD

Valid from:
1/13/2015 11:12:24 AM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=Catalina Group LTD

Issuer:
CN=Catalina Group LTD

Serial number:
568DCCE59DA31E824D774823249F0E25

File PE Metadata
Compilation timestamp:
1/30/2015 3:05:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:vofRz/QcDLxz0wMk2njhBopoGxVYrL+dBbmzdZG0VLNeajshDmTej3UcGXLr:vINZCpnF6mradsz9Nnjsh53U9

Entry address:
0x49AA

Entry point:
E8, FD, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 52, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, B4, 49, 40, 00, FF, 15, 08, D0, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 10, D0, 40, 00, FF, 75, 08, FF, 15, 0C, D0, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...

Code size:
46.5 KB (47,616 bytes)
