» csmb46a.tmp
Overview
Analysis
File Details

csmb46a.tmp

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The file csmb46a.tmp by TMRG has been detected as adware by 19 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

csmb46a.tmp

Publisher:

TMRG, Inc. (signed and verified)

MD5:

580d9673e5ec5d90de1f83e2fd1742c2

SHA-1:

0dd94bcc3dc39097bf4bea145356e398665dda4f

SHA-256:

868b1aee31c6335a5fc4257f20346e2d99fbd86bc7554b415da41fc19b13b3b1

Scanner detections:

19 / 68

Status:

Adware

Analysis date:

11/22/2024 4:47:07 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Relevant.AY

703

avast!

Win32:Monitor-Y [PUP]

2014.9-150303

AVG

Generic4

2016.0.3181

Bitdefender

Adware.Relevant.AY

1.0.20.310

Bkav FE

W32.Clodbd9.Trojan

1.3.0.4959

Emsisoft Anti-Malware

Adware.Relevant.AY

8.15.03.03.04

ESET NOD32

Win32/Adware.Mongoose

9.10566

F-Prot

W32/MalwareF.ZFU

v6.4.7.1.166

F-Secure

Adware.Relevant.AY

11.2015-03-03_3

G Data

Adware.Relevant.AY

15.3.24

Malwarebytes

Adware.Mongoose

v2015.03.03.04

MicroWorld eScan

Adware.Relevant.AY

16.0.0.186

NANO AntiVirus

Riskware.Win32.Mongoose.ifvt

0.28.2.62671

nProtect

Adware.Relevant.AY

14.10.15.01

Reason Heuristics

PUP.TMRG

15.3.3.16

Sophos

RelevantKnowledge

4.98

Vba32 AntiVirus

Adware.Mongoose

3.12.26.3

VIPRE Antivirus

Adware.Win32.RelevantKnowledge.a

33942

Zillya! Antivirus

Trojan.Inject.Win32.61325

2.0.0.1956

File size:

148.6 KB (152,192 bytes)

Common path:

C:\users\{user}\appdata\local\temp\csmb46a.tmp

Digital Signature

Signed by:

TMRG, Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

7/16/2007 9:00:00 PM

Valid to:

9/27/2009 8:59:59 PM

Subject:

CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

02491544000D8C9D63F061B1EBAE8466

File PE Metadata

Compilation timestamp:

6/9/2009 6:20:16 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

3072:x4FOXyZWPGXJ3jvrIoWEL1WAxZGy7wSm01bAh5JUlZVO8BQF:xWn0PGZ3jvrIjtiUyMkVAuVOqS

Entry address:

0xC4AF

Entry point:

6A, 0C, 68, 38, B2, 01, 10, E8, 75, 01, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 54, 04, 02, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, E8, 1C, 02, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, D0, AC, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF... 
[+]

Developed / compiled with:

Microsoft Visual C++ v7.1

Code size:

96 KB (98,304 bytes)

Remove csmb46a.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.