138f.tmp

The file 138f.tmp has been detected as a potentially unwanted program by 5 anti-malware scanners. The file has been seen being downloaded from livestatscounter.com.
MD5:
264376206eee368da062126ebb541e2d

SHA-1:
22f559171469ed54554940ee50f71c629d8c369c

SHA-256:
25954e7ce99df6e2acf9a02755abcf25ae3a4c9fcfa45f93041a076cb7499ad9

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 3:52:17 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.285429 | 16.07.15 |
| ESET NOD32 | Win32/Adware.ConvertAd.AII application | 8.0.319.0 |
| Norman | Gen:Variant.Graftor.285429 | 28.05.2016 15:32:18 |
| Reason Heuristics | PUP.ConvertAd.ET (M) | 16.7.15.7 |
| VIPRE Antivirus | Threat.4150696 | 50536 |

File size:
1.7 MB (1,747,456 bytes)

Common path:
C:\windows\temp\138f.tmp

File PE Metadata
Compilation timestamp:
7/14/2016 11:22:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:BhbFid2Cne9uSj8oXL+v39AcfbZbA7aam:BhR0X89cfbZbA7

Entry address:
0x2CE51

Entry point:
E8, BC, 49, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 2E, 1A, 00, 00, 6A, 16, 5E, 89, 30, E8, D2, 19, 00, 00, 8B, C6, EB, 33, 8B, 45, 10, 85, C0, 75, 04, 88, 02, EB, E2, 8B, F2, 2B, F0, 8A, 08, 88, 0C, 06, 40, 84, C9, 74, 03, 4F, 75, F3, 85, FF, 75, 11, C6, 02, 00, E8, F8, 19, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C6, 33, C0, 5F, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01...

Code size:
214 KB (219,136 bytes)

The file 138f.tmp has been seen being distributed by the following URL.
