suntemp.ex_

Search Products

The file suntemp.ex_ has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.iainstalls.com and multiple other hosts.
Publisher:
Search Products

Description:
installer

Version:
2016.01.08.1949

MD5:
688ea1bab610226db891d47312f9919a

SHA-1:
bacb9a80fec3f79208dd65c9a7304132c4edbdda

SHA-256:
38a0e837160cdccf0a7c549922b04c4f38706322f5e77d877cecf1152875f2c3

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:58:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2974498 | 388 |
| Avira AntiVirus | ADWARE/Primawega.118252.44 | 8.3.2.4 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160113 |
| AVG | AdInject | 2017.0.2866 |
| Baidu Antivirus | Adware.Win32.Primawega | 4.0.3.16113 |
| Bitdefender | Trojan.GenericKD.2974498 | 1.0.20.65 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2974498 | 8.16.01.13.10 |
| ESET NOD32 | Win32/AdWare.Primawega | 10.12848 |
| Fortinet FortiGate | PossibleThreat.P1 | 1/13/2016 |
| F-Secure | Trojan.GenericKD.2974498 | 11.2016-13-01_4 |
| G Data | Trojan.GenericKD.2974498 | 16.1.25 |
| Kaspersky | Trojan.Win32.Startpage | 14.0.0.823 |
| McAfee | Artemis!688EA1BAB610 | 5600.6522 |
| MicroWorld eScan | Trojan.GenericKD.2974498 | 17.0.0.39 |
| NANO AntiVirus | Trojan.Nsis.Startpage.dsmxsq | 1.0.14.5380 |
| Panda Antivirus | Generic Suspicious | 16.01.13.10 |
| Qihoo 360 Security | QVM42.0.Malware.Gen | 1.0.0.1077 |
| Sophos | Generic PUA LK (PUA) | 4.98 |
| SUPERAntiSpyware | Adware.Primawega/Variant | 9388 |
| Trend Micro | TROJ_GEN.R02KC0EA816 | 10.465.13 |
| ViRobot | Trojan.Win32.A.Startpage.118252.I[h] | 2014.3.20.0 |

File size:
115.5 KB (118,252 bytes)

Product version:
2016.01.08.1949

Copyright:
Copyright © Search Products

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\suntemp.ex_

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:yQIURTXJ545KiI/V/9M01kN3PO32BEW9il:ysb9i4j1kBPwWO

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file suntemp.ex_ has been seen being distributed by the following 2 URLs.
