e49a.tmp

Whole Tomato Software, Inc.

Publisher:
Whole Tomato Software, Inc.  (signed and verified)

MD5:
76f205c5971f83ce2f562eac3c41a387

SHA-1:
741203a77e5c58e575d2fcece2ec928eb8d576aa

SHA-256:
cd2770cfaf7fedb71a6087067ee30abc4d670a7674d72d02d72966606c4be3f8

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/29/2024 5:58:17 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Injector.CWTR trojan
8.0.319.0

F-Secure
Variant.Razy.41100
5.15.96

File size:
597.7 KB (612,000 bytes)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\e49a.tmp

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/27/2011 2:00:00 AM

Valid to:
8/8/2013 1:59:59 AM

Subject:
CN="Whole Tomato Software, Inc.", OU=Secure Application Development, O="Whole Tomato Software, Inc.", L=Englewood, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
39D7DCECF77FD2EA6A18E175C21F116B

File PE Metadata
Compilation timestamp:
2/12/2016 7:41:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.19

CTPH (ssdeep):
12288:+2ElweVxV7+p0DWcxQqN1px7bLOG9yvR5wooiFb72GbF:7E2IxVCplo1pxvLB+3wNil7tJ

Entry address:
0x1A14

Entry point:
55, 33, F6, 8B, EC, 83, C4, CC, 68, B0, 48, 41, 00, FF, 15, B4, F0, 40, 00, 89, 45, FF, E8, 13, 00, 00, 00, 81, C6, 7F, 5B, 00, 00, 6A, 0B, 50, 6A, 01, 48, 50, 6A, 01, 48, 50, 6A, 01, 6A, 00, 6A, 00, 6A, 03, 6A, 00, 6A, 00, 68, 00, 00, 00, 80, 68, 78, 45, 41, 00, FF, 15, B8, F0, 40, 00, 8B, F0, 83, C6, 59, 83, C0, 01, A3, 98, 48, 41, 00, 6A, 17, 57, 0F, 85, 76, 00, 01, 00, 0F, B7, 3D, A5, 15, 41, 00, 89, 3D, AA, 16, 41, 00, BE, 05, 00, 00, 00, 89, 75, E8, BE, BE, 67, 00, 00, 09, 75, F8, 0F, 99, C0, FF, 75...
 
[+]

Code size:
52.5 KB (53,760 bytes)

Scan e49a.tmp - Powered by Reason Core Security