tmp0000033fc11f2c1f857a626a

eShield

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file tmp0000033fc11f2c1f857a626a by eShield has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
eShield  (signed and verified)

Product:
Eshield

Version:
2.0.0.2010

MD5:
9515b4d0e85896e5933d4711c1f4d705

SHA-1:
f02ecdce4c06a352ec5b95d7e6d4055f88e6b982

SHA-256:
e4317ee212945d5b68d8359ad4c8ef3ad1bb81d91128b039206eb844c50a6906

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/30/2024 11:14:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Tightrope (M)

Engine version:
16.12.4.22

File size:
512 KB (524,288 bytes)

Product version:
2.0.0.2010

Copyright:
© Eshield All Rights Reserved

Original file name:
.dll

Language:
English (United States)

Common path:
C:\windows\temp\tmp0000033fc11f2c1f857a626a

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/21/2014 9:00:00 PM

Valid to:
7/21/2017 8:59:59 PM

Subject:
CN=eShield, O=eShield, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FB390EC6E5B675E625C0B342989627A

File PE Metadata
Compilation timestamp:
9/8/2015 2:59:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:ykyDuuuDDeu3q+9RnJke5lsgZhfNYAeTjUwaL1L2mXbyw/YMmrXdxYUna:ykyhuDDeu3NPJz5lsgxYZw/YMm1a

Entry address:
0xBE3F

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 6A, 64, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C0, 11, 02, 10, E8, 22, 06, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 08, 50, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 48, B2, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
5.9414

Developed / compiled with:
Microsoft Visual C++

Code size:
97 KB (99,328 bytes)
