» trz2480.tmp
Overview
Analysis
File Details
Network (1)

trz2480.tmp

The file trz2480.tmp has been detected as malware by 34 anti-virus scanners. While running, it connects to the Internet address hserv26.homehost.com.br on port 80 using the HTTP protocol.

File name:

trz2480.tmp

MD5:

6b574b8508077f657dba693eb9009ce8

SHA-1:

e9726ece224ff9c81652676f47e6c7c29120120b

SHA-256:

b7296b1ce6d5c726ddb1e9ad7728b470a95f21548577d129ba226e7402216e53

Scanner detections:

34 / 68

Status:

Malware

Analysis date:

11/27/2024 3:57:37 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Packed.Libix.Gen.2

172

Agnitum Outpost

Trojan.Badur

7.1.1

avast!

Win32:Banker-KML [Trj]

2014.9-160816

AVG

Win32/Themida

2017.0.2650

Baidu Antivirus

Trojan.Win32.Badur

4.0.3.16816

Bitdefender

Trojan.Packed.Libix.Gen.2

1.0.20.1145

Bkav FE

HW32.Packed

1.3.0.6379

Comodo Security

Packed.Win32..Black.~A

22023

Dr.Web

Trojan.Packed.650

9.0.1.0229

Emsisoft Anti-Malware

Trojan.Packed.Libix.Gen

8.16.08.16.05

ESET NOD32

Win32/Packed.Themida (variant)

10.11584

Fortinet FortiGate

W32/Packed.2D18!tr

8/16/2016

F-Prot

W32/Themida_Packed

v6.4.7.1.166

F-Secure

Trojan.Packed.Libix.Gen.2

11.2016-16-08_3

G Data

Trojan.Packed.Libix.Gen

16.8.25

IKARUS anti.virus

Packer.Win32.Themida

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.203.15820

Kaspersky

Trojan.Win32.Badur

14.0.0.-256

Malwarebytes

Malware.Packer.T

v2016.08.16.05

McAfee

Artemis!6B574B850807

5600.6306

Microsoft Security Essentials

TrojanSpy:Win32/Chaori.A

1.1.11602.0

MicroWorld eScan

Trojan.Packed.Libix.Gen.2

17.0.0.687

NANO AntiVirus

Trojan.Win32.Badur.chqyez

0.30.24.1357

Norman

Suspicious.D2!genr

11.20160816

Panda Antivirus

Trj/Thed.A

16.08.16.05

Qihoo 360 Security

Win32/Trojan.117

1.0.0.1015

Quick Heal

Trojan.Black.g4

8.16.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.15DCA140!366780736

23.00.65.16814

Sophos

Mal/Behav-285

4.98

Trend Micro House Call

TROJ_SPNR.06BE14

7.2.229

Trend Micro

TROJ_SPNR.06BE14

10.465.16

Vba32 AntiVirus

Trojan.Badur

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

39987

ViRobot

Trojan.Win32.Agent.4368896[h]

2014.3.20.0

File size:

4.2 MB (4,368,896 bytes)

Common path:

C:\windows\trz2480.tmp

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:1g3XkjbnwO+q3U9n2McEPIqguRrNCxMdZRHVI+AajXFLNNo:2eWYEhTrGe1VI+JjXF3o

Entry address:

0x1A7A014

Entry point:

B8, 00, 00, 00, 00, 60, 0B, C0, 74, 68, E8, 00, 00, 00, 00, 58, 05, 53, 00, 00, 00, 80, 38, E9, 75, 13, 61, EB, 45, DB, 2D, 37, A0, E7, 01, FF, FF, FF, FF, FF, FF, FF, FF, 3D, 40, E8, 00, 00, 00, 00, 58, 25, 00, F0, FF, FF, 33, FF, 66, BB, 19, 5A, 66, 83, C3, 34, 66, 39, 18, 75, 12, 0F, B7, 50, 3C, 03, D0, BB, E9, 44, 00, 00, 83, C3, 67, 39, 1A, 74, 07, 2D, 00, 10, 00, 00, EB, DA, 8B, F8, B8, 68, A2, B9, 01, 03, C7, B9, 6A, A2, A7, 01, 03, CF, EB, 0A, B8, 68, A2, F9, 01, B9, 6A, A2, E7, 01, 50, 51, E8, 84... 
[+]

Packer / compiler:

Themida 1.8.x.x

Code size:

891 KB (912,384 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to hserv26.homehost.com.br (177.85.96.86:80)

Remove trz2480.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.