» 661.exe
Overview
Analysis
File Details

661.exe

661

The application 661.exe, “661 Setup ” has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from the user's temporary directory.

File name:

661.exe

Product:

661

Description:

661 Setup

MD5:

e3c72340342ec8e33ee45fbd151f0229

SHA-1:

e03c532722c0262fcd3e8f3ae34fc09c888f096a

SHA-256:

a4b7488b126c8a0e2a0d0a6663f2b65d75da6a9295d5b5e6604e1fab1eb1c0af

Scanner detections:

21 / 68

Status:

Adware

Analysis date:

4/19/2024 4:31:42 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.Agent.AP

435

Agnitum Outpost

PUA.Eorezo

7.1.1

Avira AntiVirus

ADWARE/EoRezo.Gen

8.3.2.4

Arcabit

Application.Bundler.Agent.AP

1.0.0.624

avast!

Win32:Adware-gen [Adw]

2014.9-151126

AVG

EoRezo

2016.0.2913

Bitdefender

Application.Bundler.Agent.AP

1.0.20.1650

ESET NOD32

Win32/Adware.EoRezo.AY (variant)

9.12626

Fortinet FortiGate

Adware/Eorezo

11/26/2015

F-Secure

Application.Bundler.Agent

11.2015-26-11_5

G Data

Application.Bundler.Agent.AP

15.11.25

IKARUS anti.virus

PUA.EoRezo

t3scan.1.9.5.0

Kaspersky

not-a-virus:AdWare.Win32.Eorezo

14.0.0.1061

Malwarebytes

PUP.Optional.EoRezo

v2015.11.26.07

MicroWorld eScan

Application.Bundler.Agent.AP

16.0.0.990

NANO AntiVirus

Riskware.InnoSetup.EoRezo.dxwajf

0.30.26.4751

Panda Antivirus

Generic Suspicious

15.11.26.07

Qihoo 360 Security

HEUR/QVM06.1.Malware.Gen

1.0.0.1077

Reason Heuristics

PUP.Eorezo.Installer (M)

15.11.26.19

Sophos

Generic PUA OA (PUA)

4.98

VIPRE Antivirus

Adware.Eorezo

45436

File size:

421.7 KB (431,849 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\661.exe

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:5QiGhArp1gHNNG+SQ00Vzs378BsYIM3yzc28WE77ICdu:5QiQAMHNNVtyBM3yzEW+u

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9194

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

Remove 661.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.