Core Temp.exe

Core Temp

It is set to start automatically at Windows logon through the current user Run registry key, under the display name ‘Core Temp’. The file has been seen being downloaded from dc688.4shared.com and multiple other hosts.
Product:
Core Temp

Description:
CPU temperature and system information utility

Version:
1.0.0.0

MD5:
21da551533adf82a77295eb59d39d7c9

SHA-1:
0c4c9d11658574058e35ff948e7fd8d604faedfd

SHA-256:
9287c283378ef6fc718032b2b4e3104c0f257bead42dc0377493ec680e32a232

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 11:55:51 PM UTC

File size:
746 KB (763,856 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2006 - 2013 Alcpu

Original file name:
Core Temp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\core temp\core temp.exe

File PE Metadata
Compilation timestamp:
3/1/2013 10:43:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:zdHax0zWNg/ip8L+lJq3Almj8RCf4Ner27zZwVkE3UyyNCCoSvtpbXO62BNZzBRY:CzZwi7TyXYnt33ht2zap/37D

Entry address:
0x5867B

Entry point:
E8, 93, CC, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 50, 62, 48, 00, E8, FF, 34, 00, 00, 6A, 0E, E8, F8, C7, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 0C, E5, 49, 00, BA, 08, E5, 49, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 0B, CA, FF, FF, 59, FF, 76, 04, E8, 02, CA, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, EE, 34, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, C4, C6, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 

Entropy:
6.5216

Code size:
439.5 KB (450,048 bytes)

3 Scheduled Tasks
Task name:
Core Temp Autostart Admin

Trigger:
Logon (Runs on logon)

Task name:
Core Temp Autostart user

Trigger:
Logon (Runs on logon)

Task name:
Core Temp Autostart Admin_2

Trigger:
Logon (Runs on logon)


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Core Temp

Command:
"C:\Program Files\core temp\core temp.exe"


The file Core Temp.exe has been seen being distributed by the following 2 URLs.
