» szn9ddf.tmp.exe
Overview
Analysis
File Details

szn9ddf.tmp.exe

Seznam.cz, a.s.

The application szn9ddf.tmp.exe by Seznam.cz, a.s has been detected as a potentially unwanted program by 16 anti-malware scanners.

File name:

szn9ddf.tmp.exe

Publisher:

Seznam.cz, a.s. (signed and verified)

MD5:

583182b77ddb5edeef9f07ebd4cb0683

SHA-1:

7ce2e89f8404d2811c53f6fdad898dc658aa8638

SHA-256:

de18f160d4326f01fcf7ab2d9d10dd20fc0f6aee8668536a779ce7fbe089467f

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

11/26/2024 10:20:09 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.mmHfkmjPu3mO

763

AVG

HackTool

2016.0.3241

Bitdefender

Gen:Application.Heur.mmHfkmjPu3mO

1.0.20.15

Dr.Web

Tool.PassView.849

9.0.1.03

ESET NOD32

Win32/PSWTool.WebBrowserPassView (variant)

9.10904

F-Secure

Gen:Application.Heur.mmHfkmjPu3mO

11.2015-03-01_7

G Data

Gen:Application.Heur.mmHfkmjPu3mO

15.1.24

Kaspersky

not-a-virus:HEUR:PSWTool.Win32.NetPass

14.0.0.2699

McAfee

HTool-PWSFFox

5600.6897

Microsoft Security Essentials

HackTool:Win32/BrowserPassview

1.11302

MicroWorld eScan

Gen:Application.Heur.mmHfkmjPu3mO

16.0.0.9

NANO AntiVirus

Riskware.Win32.PassView.dchbub

0.28.6.64267

Panda Antivirus

Trj/CI.A

15.01.03.05

Qihoo 360 Security

Malware.QVM01.Gen

1.0.0.1015

Reason Heuristics

PUP.Seznam (M)

16.10.19.12

Zillya! Antivirus

Backdoor.PePatch.Win32.42070

2.0.0.2009

File size:

198.7 KB (203,472 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\szn9ddf.tmp.exe

Digital Signature

Signed by:

Seznam.cz, a.s.

Authority:

Thawte, Inc.

Valid from:

9/23/2014 2:00:00 AM

Valid to:

4/11/2015 1:59:59 AM

Subject:

CN="Seznam.cz, a.s.", O="Seznam.cz, a.s.", L=Praha 5, S=Praha 5, C=CZ

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7328E1773A755016272BB51524E38F71

File PE Metadata

Compilation timestamp:

7/6/2014 6:50:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:wswSY/2NMVTXJvk/i9QImLDDjb2PdREZ0VcQ1eGAQ0/2M1BiCCwN232DMdsGaJ1:wzSE2NgZhMXDjb2ffcnlQm518wN0QF3

Entry address:

0x5AF20

Entry point:

60, BE, 00, D0, 42, 00, 8D, BE, 00, 40, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

188 KB (192,512 bytes)

Remove szn9ddf.tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.