home

tplistubsetup.exe

The application tplistubsetup.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The file has been seen being downloaded from grv.downserver2.com.
MD5:
b8acdb60c39ca9809d140855830e2378

SHA-1:
2ec457811f141bd9da9261c02d363a450090e28a

SHA-256:
e06a64031933b197ae6d15afa4080d99db0645d07a8f7b7a66e9cd38563a0de3

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 3:25:20 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.DealPly
7.1.1

avast!
Win32:Malware-gen
2014.9-160212

Baidu Antivirus
PUA.Win32.DealPly
4.0.3.16212

ESET NOD32
Win32/DealPly.AG potentially unwanted (variant)
10.11563

Fortinet FortiGate
Riskware/DealPly
2/12/2016

F-Prot
W32/Symmi.BG.gen
v6.4.7.1.166

Kaspersky
not-a-virus:AdWare.Win32.DealPly
14.0.0.675

McAfee
Artemis!B8ACDB60C39C
5600.6492

NANO AntiVirus
Riskware.Win32.DealPly.dnpbel
0.30.24.1357

Panda Antivirus
Trj/Genetic.gen
16.02.12.12

Trend Micro House Call
TROJ_GEN.R08NC0OBE15
7.2.43

Trend Micro
TROJ_GEN.R08NC0OBE15
10.465.12

VIPRE Antivirus
Trojan.Win32.Generic
39858

File size:
425.1 KB (435,268 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\tplistubsetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:jYFt/viGzjsfXl0Nx9myTMm8x3IW6fvyl1ofFiOUJuQCjWm3CYSlYW0vBdFE:s6ijsfE9mKM9YWQG1osBCjPyYSp2FE

Entry address:
0x5D018

Entry point:
55, 8B, EC, 83, C4, F0, B8, 80, CE, 45, 00, E8, 84, 9D, FA, FF, B8, 01, 00, 00, 00, E8, 36, 60, FA, FF, 83, F8, 5B, 75, 7A, 79, 80, 0C, 00, 8B, 8C, 04, 00, BB, 7D, 14, 01, 7F, 10, 32, 00, D7, 02, 0E, 00, 04, 37, 2B, 00, 31, 8B, F5, 30, 79, 80, 0C, 00, 8B, 8C, 04, 00, BB, 7D, 14, 01, 7F, 10, 32, 00, D7, 02, 0E, 00, 04, 37, 2B, 00, 31, 8B, F5, 30, 79, 80, 0C, 00, 8B, 8C, 04, 00, BB, 7D, 14, 01, 7F, 10, 32, 00, D7, 02, 0E, 00, 04, 37, 2B, 00, 31, 8B, F5, 30, 79, 80, 0C, 00, 8B, 8C, 04, 00, BB, 7D, 14, 01, 7F...
 
[+]

Entropy:
6.6548

Developed / compiled with:
Microsoft Visual C++

Code size:
368.5 KB (377,344 bytes)

The file tplistubsetup.exe has been seen being distributed by the following URL.

http://grv.downserver2.com/TPLIStubSetup.exe

Remove tplistubsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.