onspc4bb.tmp

The file onspc4bb.tmp has been detected as a potentially unwanted program by 10 of 68 anti-malware scanners. It has been observed being downloaded from d10huri5h4o4a3.cloudfront.net.
MD5:
b219b72b9da19e646515ddde7b4a0a38

SHA-1:
2a729f185bef6d945e168445cc9ee2c2326afe80

SHA-256:
b0bc7da37b54c647ee53af60b4e9dbe0116aa5da28b0ba592a342d38f5a6c0f4

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:23:57 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.ConvertAd.2 | 6653772
Baidu Antivirus | Adware.Win32.ConvertAd | 4.0.3.1531
Bitdefender | Gen:Variant.Adware.ConvertAd.2 | 1.0.20.300
Emsisoft Anti-Malware | Gen:Variant.Adware.ConvertAd | 9.0.0.4799
ESET NOD32 | Win32/Adware.ConvertAd.BD application | 7.0.302.0
F-Secure | Gen:Variant.Adware.ConvertAd.2 | 5.13.68
G Data | Gen:Variant.Adware.ConvertAd | 15.3.25
MicroWorld eScan | Gen:Variant.Adware.ConvertAd.2 | 16.0.0.180
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Trend Micro House Call | TROJ_GEN.R0E9H09BQ15 | 7.2.60

File size:
610 KB (624,640 bytes)

Common path:
C:\users\{user}\appdata\local\3cd3b822-1424941097-11e2-9673-ce39e7dc860b\onspc4bb.tmp

File PE Metadata
Compilation timestamp:
2/26/2015 7:19:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:+OGcUDv4Usq3gg3i2P7fvNcC4Tf0wZCa14jzJK:+WVq3F3i2rvNcC4TjRajtK

Entry address:
0x1309C


Entropy:
5.6890

Code size:
186 KB (190,464 bytes)
