home

c31a.tmp

Lavasoft Limited

Publisher:
Lavasoft Limited  (signed and verified)

MD5:
da3888b967510d99fb5f0623957c241a

SHA-1:
44b8ac96dbcd4b68cd82359570e337afd2c8286a

SHA-256:
1ca1a181f793f337784981c9e1c20d08b43e1ac160b29ac3df61eb575c5815c3

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/26/2024 1:49:30 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Kryptik.FFXO trojan
6.3.12010.0

File size:
806.6 KB (825,976 bytes)

Common path:
C:\users\{user}\appdata\local\temp\c31a.tmp

Digital Signature
Signed by:
Lavasoft Limited

Authority:
VeriSign, Inc.

Valid from:
1/28/2011 1:00:00 AM

Valid to:
1/28/2013 12:59:59 AM

Subject:
CN=Lavasoft Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft Limited, L=Sliema, S=SLM, C=MT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CEC887E3A0E10A63F47C72B25751AB9

File PE Metadata
Compilation timestamp:
12/30/1998 10:12:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

Entry address:
0x303E

Entry point:
68, F7, 07, 4B, 00, 68, F7, 07, 4B, 00, 68, F7, 07, 4B, 00, FF, 15, 9F, E5, 4A, 00, BE, 6A, 0D, 00, 00, 50, 8B, F5, 55, B8, 00, 00, 00, 00, 8B, CD, FF, 15, A3, E5, 4A, 00, A3, 13, 0A, 4B, 00, FF, 15, A7, E5, 4A, 00, A3, 0F, 0A, 4B, 00, 6A, 01, 6A, 01, 6A, 01, FF, 15, 0B, E6, 4A, 00, A3, 0F, 0A, 4B, 00, 8B, 0D, 0F, 0A, 4B, 00, 81, E9, 01, 01, 01, 00, 74, 0C, BF, 13, 09, 00, 00, FF, D0, FF, D7, C2, EA, 00, 8B, EC, 81, EC, 4C, 0B, 00, 00, 33, C0, 50, FF, 35, 48, 24, 4B, 00, 8B, 05, 3C, 26, 4B, 00, 50, 8B, 05...
 
[+]

Packer / compiler:
PKLITE32 v1.1

Code size:
44.5 KB (45,568 bytes)

Scan c31a.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.