c5a1.tmp

The file c5a1.tmp has been detected as malware by 24 anti-virus scanners. According to Microsoft Security Essentials, this Dorkbot IRC-based worm is designed to capture user names and passwords by intercepting your network traffic, and can block websites that are related to security updates. It can also be used to launch denial-of-service (DoS) attacks.

MD5: 68a8a7b4a978472b116c9785ad6caad2
SHA-1: acbc334241c16aff890b7ebea2aa12b863da6b0b
SHA-256: cbd64e090672194cbe472650d5d92612b68923da763d5f1de904b9b44bfacb65
Scanner detections: 24 / 68
Status: Malware
Analysis date: 5/6/2024 5:36:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Bublik | 7.1.1 |
| AhnLab V3 Security | Worm/Win32.Kolab | 2013.08.08 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.95.206 |
| avast! | Win32:Kryptik-IRH [Trj] | 2014.9-170315 |
| AVG | Win32/Cryptor | 2018.0.2438 |
| Bitdefender | Gen:Variant.Kazy.28311 | 1.0.20.370 |
| Comodo Security | TrojWare.Win32.Kryptik.AFBS | 16727 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.28311 | 8.17.03.15.04 |
| ESET NOD32 | Win32/Kryptik.AFIU (variant) | 11.8661 |
| F-Prot | W32/Backdoor.AF.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.28311 | 11.2017-15-03_4 |
| G Data | Gen:Variant.Kazy.28311 | 17.3.22 |
| IKARUS anti.virus | Trojan.Win32.Ransom | t3scan.2.0.3.0 |
| K7 AntiVirus | Trojan | 13.170.9214 |
| Kaspersky | Trojan.Win32.Bublik | 14.0.0.-1313 |
| McAfee | W32/Pinkslipbot.gen.be | 5600.6094 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot.A | 1.163.1557.0 |
| MicroWorld eScan | Gen:Variant.Kazy.28311 | 18.0.0.222 |
| Norman | Krypt.FY | 11.20170315 |
| Panda Antivirus | Trj/Pacrypt.F | 17.03.15.04 |
| Quick Heal | Worm.PushBot.Gen | 3.17.12.00 |
| Sophos | W32/SillyFDC-HN | 4.91 |
| Vba32 AntiVirus | Trojan.Krypt.13205 | 3.12.22.3 |
| VIPRE Antivirus | Trojan.Win32.Autorun.as | 20268 |

File size: 82.5 KB (84,480 bytes)
Common path: C:\users\{user}\appdata\roaming\c5a1.tmp

File PE Metadata
Compilation timestamp: 3/6/2009 12:45:54 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 7.10
Entry address: 0x139039
Entry point:
55, 8B, EC, B9, 00, 02, 00, 00, 81, EC, 1C, 02, 00, 00, B8, 54, 00, 00, 00, 51, 53, 83, EC, 04, 89, 3C, 24, 57, 56, 53, 83, EC, 04, 89, 2C, 24, E9, 03, 01, 00, 00, BA, 17, F0, 54, 00, 42, 52, 31, F6, 81, CE, 20, B5, F0, FF, 81, D6, 00, 4B, 0F, 00, 56, 8D, BD, 70, FE, FF, FF, BA, 00, 90, B5, 20, 81, EA, 19, F3, FF, FF, 81, C2, 19, 43, 9F, DF, 52, 57, E8, 6D, FF, FF, FF, 31, FF, 8B, 95, 7C, FE, FF, FF, 83, DC, F0, 83, F7, 40, 57, BF, 00, 20, 00, 00, 81, EF, 00, F0, FF, FF, 57, C1, E2, 02, BF, 00, 00, 00, 00...

Entropy: 7.2792
Developed / compiled with: Microsoft Visual C++
Code size: 1.2 MB (1,278,464 bytes)
