trzc8.tmp

The file trzc8.tmp has been detected as malware by 22 anti-virus scanners. The program is a setup application built with the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been observed being downloaded from pornodop.com and multiple other hosts.
MD5:
3bc5f2a22d8887e88abc6312be1b71e3

SHA-1:
d9a787ab236cf197a13856c36c665c0219463ccc

SHA-256:
c2b98b3bc61a11dc0e278edfe72b0df12247d573193bc19ec788c7db14b216d0

Scanner detections:
22 / 68

Status:
Malware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/16/2024 11:59:17 AM UTC

Scan engine             Detection                          Engine version
Lavasoft Ad-Aware       Dropped:Trojan.Generic.11991598    825
Agnitum Outpost         Trojan.CL.Agent                    7.1.1
Avira AntiVirus         TR/Agent.124587                    7.11.182.50
avast!                  Win32:Dropper-gen [Drp]            2014.9-141101
Baidu Antivirus         Trojan.Win32.Generic               4.0.3.14111
Bitdefender             Dropped:Trojan.Generic.11991598    1.0.20.1525
Bkav FE                 HW32.Packed                        1.3.0.6185
Emsisoft Anti-Malware   Dropped:Trojan.Generic.11991598    8.14.11.01.10
ESET NOD32              Win32/TrojanClicker.Agent.NWE      8.10641
F-Secure                Dropped:Trojan.Generic.11991598    11.2014-01-11_7
G Data                  Dropped:Trojan.Generic.11991598    14.11.24
IKARUS anti.virus       Trojan.Agent                       t3scan.1.8.3.0
K7 AntiVirus            Spyware                            13.185.13840
Kaspersky               HEUR:Trojan.Win32.Generic          14.0.0.3010
McAfee                  RDN/Generic.dx!dgk                 5600.6959
MicroWorld eScan        Dropped:Trojan.Generic.11991598    15.0.0.915
NANO AntiVirus          Trojan.Win32.Agent.dgzzqf          0.28.6.62995
Norman                  Suspicious_Gen4.HDWGQ              11.20141101
Qihoo 360 Security      HEUR/QVM42.0.Malware.Gen           1.0.0.1015
Sophos                  Mal/Generic-S                      4.98
Trend Micro House Call  TROJ_GEN.R0C1H05JJ14               7.2.305
VIPRE Antivirus         Trojan.Win32.Generic               34350

File size:
121.7 KB (124,587 bytes)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\trzc8.tmp

File PE Metadata
Compilation timestamp:
1/5/2010 3:27:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:gatMkcLnsX3BJeMTyDI59kU/ltYjO3xBixVBW6efhk:R6Ls3vTyDI0CYS3xB47hv

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 9B, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 47, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, AA, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D4, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...

Entropy:
7.5402

Code size:
33 KB (33,792 bytes)

The file trzc8.tmp has been observed being distributed from the following 2 URLs.

http://pornodop.com/get.php?c=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&id=x1&exv=tttxx1

Remove trzc8.tmp - Powered by Reason Core Security