trz2480.tmp

The file trz2480.tmp has been detected as malware by 34 anti-virus scanners. While running, it connects to the Internet address hserv26.homehost.com.br on port 80 using the HTTP protocol.
MD5: 6b574b8508077f657dba693eb9009ce8
SHA-1: e9726ece224ff9c81652676f47e6c7c29120120b
SHA-256: b7296b1ce6d5c726ddb1e9ad7728b470a95f21548577d129ba226e7402216e53

Scanner detections: 34 / 68
Status: Malware
Analysis date: 11/27/2024 3:57:37 PM UTC

Scan engine                     Detection                                     Engine version
Lavasoft Ad-Aware               Trojan.Packed.Libix.Gen.2                     172
Agnitum Outpost                 Trojan.Badur                                  7.1.1
avast!                          Win32:Banker-KML [Trj]                        2014.9-160816
AVG                             Win32/Themida                                 2017.0.2650
Baidu Antivirus                 Trojan.Win32.Badur                            4.0.3.16816
Bitdefender                     Trojan.Packed.Libix.Gen.2                     1.0.20.1145
Bkav FE                         HW32.Packed                                   1.3.0.6379
Comodo Security                 Packed.Win32..Black.~A                        22023
Dr.Web                          Trojan.Packed.650                             9.0.1.0229
Emsisoft Anti-Malware           Trojan.Packed.Libix.Gen                       8.16.08.16.05
ESET NOD32                      Win32/Packed.Themida (variant)                10.11584
Fortinet FortiGate              W32/Packed.2D18!tr                            8/16/2016
F-Prot                          W32/Themida_Packed                            v6.4.7.1.166
F-Secure                        Trojan.Packed.Libix.Gen.2                     11.2016-16-08_3
G Data                          Trojan.Packed.Libix.Gen                       16.8.25
IKARUS anti.virus               Packer.Win32.Themida                          t3scan.1.8.9.0
K7 AntiVirus                    Trojan                                        13.203.15820
Kaspersky                       Trojan.Win32.Badur                            14.0.0.-256
Malwarebytes                    Malware.Packer.T                              v2016.08.16.05
McAfee                          Artemis!6B574B850807                          5600.6306
Microsoft Security Essentials   TrojanSpy:Win32/Chaori.A                      1.1.11602.0
MicroWorld eScan                Trojan.Packed.Libix.Gen.2                     17.0.0.687
NANO AntiVirus                  Trojan.Win32.Badur.chqyez                     0.30.24.1357
Norman                          Suspicious.D2!genr                            11.20160816
Panda Antivirus                 Trj/Thed.A                                    16.08.16.05
Qihoo 360 Security              Win32/Trojan.117                              1.0.0.1015
Quick Heal                      Trojan.Black.g4                               8.16.14.00
Rising Antivirus                PE:Trojan.Win32.Generic.15DCA140!366780736    23.00.65.16814
Sophos                          Mal/Behav-285                                 4.98
Trend Micro House Call          TROJ_SPNR.06BE14                              7.2.229
Trend Micro                     TROJ_SPNR.06BE14                              10.465.16
Vba32 AntiVirus                 Trojan.Badur                                  3.12.26.3
VIPRE Antivirus                 Trojan.Win32.Generic                          39987
ViRobot                         Trojan.Win32.Agent.4368896[h]                 2014.3.20.0

File size: 4.2 MB (4,368,896 bytes)
Common path: C:\windows\trz2480.tmp

File PE Metadata
Compilation timestamp: 6/19/1992 7:22:17 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 98304:1g3XkjbnwO+q3U9n2McEPIqguRrNCxMdZRHVI+AajXFLNNo:2eWYEhTrGe1VI+JjXF3o
Entry address: 0x1A7A014

Entry point:
B8, 00, 00, 00, 00, 60, 0B, C0, 74, 68, E8, 00, 00, 00, 00, 58, 05, 53, 00, 00, 00, 80, 38, E9, 75, 13, 61, EB, 45, DB, 2D, 37, A0, E7, 01, FF, FF, FF, FF, FF, FF, FF, FF, 3D, 40, E8, 00, 00, 00, 00, 58, 25, 00, F0, FF, FF, 33, FF, 66, BB, 19, 5A, 66, 83, C3, 34, 66, 39, 18, 75, 12, 0F, B7, 50, 3C, 03, D0, BB, E9, 44, 00, 00, 83, C3, 67, 39, 1A, 74, 07, 2D, 00, 10, 00, 00, EB, DA, 8B, F8, B8, 68, A2, B9, 01, 03, C7, B9, 6A, A2, A7, 01, 03, CF, EB, 0A, B8, 68, A2, F9, 01, B9, 6A, A2, E7, 01, 50, 51, E8, 84...
Packer / compiler: Themida 1.8.x.x
Code size: 891 KB (912,384 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): connects to hserv26.homehost.com.br (177.85.96.86:80)
