home

1pljatvnq5.exe

Local Temperature

Core Systems

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application 1pljatvnq5.exe by Core Systems has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2vubraihqcany.cloudfront.net.
Publisher:
Local Temperature LLC  (signed by Core Systems)

Product:
Local Temperature

Version:
1.0.0.4

MD5:
658da0c42c56b89397e9a3796941de5d

SHA-1:
37b4b9bafafced252660cb6cc17c1523373681df

SHA-256:
353ac3b905e34a6a8ec43ce3566d5a6ccb5790e80416f77bf33dc1bfa23257cf

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
5/19/2024 12:46:41 PM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.LocalTemperature.C
v2015.05.18.09

Trend Micro House Call
Suspicious_GEN.F47V0512
7.2.138

VIPRE Antivirus
Bonzuna
40228

File size:
910.5 KB (932,368 bytes)

Copyright:
Core Systems © 2015. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1pljatvnq5.exe

Digital Signature
Signed by:
Core Systems

Authority:
GoDaddy.com, Inc.

Valid from:
6/17/2014 4:26:02 PM

Valid to:
6/17/2015 4:26:02 PM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:O4jYdz49nuog7eSWtU/bODONlq6YBF1xh6WpzOUgyw/LbjnNuh819rNW4c+:O4UxCn2dH/bmYixhL4VyoBuWjIv+

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9801

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 1pljatvnq5.exe has been seen being distributed by the following URL.

http://d2vubraihqcany.cloudfront.net/Installer/.../lt_1205.exe

Remove 1pljatvnq5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.