3af4.tmp.exe

Track

PWI, Inc.

The executable 3af4.tmp.exe has been detected as malware by 9 anti-virus scanners.
Publisher:
CSoft Technologies Inc.  (signed by PWI, Inc.)

Product:
Track

Version:
6.04

MD5:
991fbb933c04433aa453d246b1a0982f

SHA-1:
bd5837262b1dfa2cab8dfbec8e517f9b109a115c

SHA-256:
6fa20fe5860363f6de2b218b723e550fdd60dd4c46292bff687416af3bbeb95f

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/27/2024 11:58:44 AM UTC

Scan engine                    Detection                    Engine version
avast!                         Win32:Malware-gen            150717-0
Dr.Web                         Trojan.DownLoader18.46667    9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Symmi.60351      11.5.0.6191
ESET NOD32                     Win32/Injector.CPRO trojan   8.0.319.0
F-Prot                         W32/VB.DPU                   4.6.5.141
F-Secure                       Variant.Symmi.60351          5.15.96
Kaspersky                      Trojan.Win32.Kovter          15.0.0.562
Microsoft Security Essentials  Threat.Undefined             1.219.1472.0
Norman                         Gen:Variant.Symmi.60351      10.04.2016 15:29:17

File size:
370.3 KB (379,208 bytes)

Product version:
6.04

Original file name:
Track.exe

File type:
Executable application (Win32 EXE)

Language:
Japanese (Japan)

Common path:
C:\users\{user}\appdata\local\temp\3af4.tmp.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/7/2013 12:00:00 AM

Valid to:
7/6/2014 11:59:59 PM

Subject:
CN="PWI, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="PWI, Inc.", L=New Albany, S=Ohio, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50162F95815C2D310127D687A5CD7B15

File PE Metadata
Compilation timestamp:
1/7/2016 6:29:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:tZRXXXXXXXXXXXXXXXXXXXXzL7lAA8y2Z448XItjSxnnyn2R7/hi9CigkVG7HLaZ:trXXXXXXXXXXXXXXXXXXXX5LSkYtjSZO

Entry address:
0x126C

Entry point:
68, 90, D7, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 43, DB, 05, E4, DE, 98, AC, 48, 91, 01, 6C, 5E, C2, 64, BA, E9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 0A, 43, 61, 70, 74, 69, 46, 75, DF, 70, 72, 6F, 62, 6C, 65, 6D, 61, 74, 69, 6B, 65, 6E, 00, 20, 20, 20, 22, 4D, 69, 73, 00, 00, 00, 00, FF, CC, 31, 00, 13, B7, D7, EE, C9, 28, B9, 0C, 4F, 8B, E2, 3A, 59, 8E, 2A, 9A, CD, 86, ED, B1, 6C, 5F, 10, 23, 42, A0, 39, 4D, D2, F7, E4, 7C, AB, 3A, 4F, AD...
Entropy:
7.1398

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
332 KB (339,968 bytes)
