nr_proto_641664429644160119.tmp

Open Joint-Stock Company BIFIT

The file nr_proto_641664429644160119.tmp has been detected as malware by 1 anti-virus scanner.
Publisher:
Open Joint-Stock Company BIFIT  (signed and verified)

MD5:
f9d2098f1efa71ababf31d69c5cb5cbf

SHA-1:
bc903aff9349548e4122f1f658f6b10bc9d1f031

SHA-256:
f481c37806a74dfe608eba462b845708c290107876077c2da317cb82d2b64ab7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 1:46:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Downloader (M)

Engine version:
17.2.24.13

File size:
872.7 KB (893,616 bytes)

Common path:
C:\users\{user}\appdata\local\temp\nr_proto_641664429644160119.tmp

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/1/2015 5:00:00 AM

Valid to:
6/6/2018 5:00:00 PM

Subject:
CN=Open Joint-Stock Company BIFIT, O=Open Joint-Stock Company BIFIT, L=Moscow, C=RU, PostalCode=105203, STREET="46, ul. Nizhnyaya Pervomayskaya", SERIALNUMBER=1077746075461, OID.1.3.6.1.4.1.311.60.2.1.3=RU, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D1C30FB9008667B2635713E39151CC2

File PE Metadata
Compilation timestamp:
7/12/2016 6:28:00 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1D0709

Entry point:
E9, 93, F5, FD, FF, E9, 17, 70, F3, FF, 88, 45, FE, E9, 7E, E6, FF, FF, E9, B7, A7, 00, 00, FF, 10, 48, D3, FF, 80, D2, CF, 48, 83, C4, 20, D3, F2, 48, 8D, B4, 24, DE, 4F, B2, 02, FF, C7, C0, FE, 07, 5A, 66, 09, FE, 0F, A5, F7, 66, D3, C6, 0F, 93, C7, 5F, 66, FF, C9, F8, F6, D5, 5E, FE, C3, 59, D3, C5, 5B, 66, D3, D5, 48, 83, C4, 28, 48, 8D, AD, D9, 05, 28, 6D, 66, 0F, B6, EA, 5D, C3, E9, 8F, C6, FD, FF, 48, 8D, 3C, 9D, 25, 4E, 9C, F6, 0F, B6, FA, 48, 8B, 7D, 10, E9, 7C, FF, FF, FF, E9, F6, 75, 00, 00, 87...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
238 KB (243,712 bytes)
