6360.tmp.exe

The executable 6360.tmp.exe has been detected as malware by 9 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time.
MD5:
0c8fc44060fea0e74c317ffa243cc563

SHA-1:
b1cd7e43b01f5c32402c9d762250e06b00abbd28

SHA-256:
e1a16446448b855269513eefd78aa531dd909a1e11379060589698bce7fcebd7

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/25/2024 6:42:58 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2906152
423

Arcabit
Trojan.Generic.D2C5828
1.0.0.628

Bitdefender
Trojan.GenericKD.2906152
1.0.20.1710

Emsisoft Anti-Malware
Trojan.GenericKD.2906152
8.15.12.08.03

F-Secure
Trojan.GenericKD.2906152
11.2015-08-12_3

G Data
Trojan.GenericKD.2906152
15.12.25

MicroWorld eScan
Trojan.GenericKD.2906152
16.0.0.1026

nProtect
Trojan.GenericKD.2906152
15.12.04.01

Panda Antivirus
Trj/Genetic.gen
15.12.08.03

File size:
794 KB (813,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\6360.tmp.exe

File PE Metadata
Compilation timestamp:
12/2/2015 8:40:46 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:VB8BvoZO/1+ujLXdoS7rRSqBl6Ja7CKZNvQp:UBvoE9+Sn9lBl68bQp

Entry address:
0x92BEF

Entry point:
E8, D3, C6, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 0A, F3, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, F4, F2, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, 00, 12, 4C, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, ED, CA, FF, FF, 8B, 47, 08, 8B, 4F, 0C, 03, CE...
 
[+]

Entropy:
6.6625

Code size:
677 KB (693,248 bytes)

Scheduled Task
Task name:
Malware Cleaner

Trigger:
Daily (Runs daily at 10:04 AM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (52.216.227.67:443)

Remove 6360.tmp.exe - Powered by Reason Core Security