lt_tg.exe

Local Temperature

Core Systems

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application lt_tg.exe by Core Systems has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from d14vy52t6pvsik.cloudfront.net.
Publisher:
Local Temperature LLC  (signed by Core Systems)

Product:
Local Temperature

Version:
1.0.0.2

MD5:
e07881282bc7cafdc14ead139a163355

SHA-1:
f6127a6085e0b7dc396fb75cd1e706823854e334

SHA-256:
d2a2f98689c5a60baff4618b28852134bfa9d60a1e82eca80ec1fd15c60053e6

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/24/2024 2:18:05 AM UTC  (today)

Scan engine
Detection
Engine version

herdProtect (fuzzy)
2015.7.8.6

Malwarebytes
PUP.Optional.LocalTemperature.C
v2015.04.03.06

Reason Heuristics
PUP.Weather.Installer
15.5.14.18

Trend Micro House Call
Suspici.F994BFB8
7.2.93

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.5085375
38552

File size:
894.7 KB (916,176 bytes)

Copyright:
Local Temperature LLC © 2015. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\windows\temp\bbe62a8b-7832-436e-8de6-e34bd38abf42\lt_tg.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/17/2014 9:26:02 PM

Valid to:
6/17/2015 9:26:02 PM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:fWhSJQWan2dH/bmDjQjzkUkdXqT2RqqfMpzX0gTwsycA:ESah2dHiXIzkJdXqT4MpzXNwsY

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9797

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file lt_tg.exe has been seen being distributed by the following URL.

Remove lt_tg.exe - Powered by Reason Core Security