home

trz1cc3.tmp

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The file trz1cc3.tmp by Montiera Technologies has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dwnl.toolbarservices.com.
Publisher:
Montiera Technologies LTD  (signed and verified)

MD5:
27debd8b2b4a55f5785408082154eede

SHA-1:
48968144f8da4732cec4cb778b324a1e8470ebb2

SHA-256:
a97063162ebb7bf33454a1e512ebbb66fbb35ac38811d92acf21f6e63ff80db7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 7:56:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Montiera (M)
16.6.3.12

File size:
836.9 KB (856,968 bytes)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\trz1cc3.tmp

Digital Signature
Signed by:
Montiera Technologies LTD

Authority:
COMODO CA Limited

Valid from:
7/23/2014 12:00:00 AM

Valid to:
7/23/2015 11:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
7/26/2014 1:34:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:UrdVSGEnOAqPPuJYO6FU/p2Unup4l3j+xA:UrdVSGETkP26FUzY4l+

Entry address:
0x12B48

Entry point:
E8, 73, 6A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 10, B3, 42, 00, 00, 74, 05, E9, CF, 6A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83...
 
[+]

Code size:
121.5 KB (124,416 bytes)

The file trz1cc3.tmp has been seen being distributed by the following URL.

http://dwnl.toolbarservices.com/onekit_1.3.11.0_cn.exe

Remove trz1cc3.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.