amd external events client.exe

The executable amd external events client.exe, “AMD External Events Client Module”, has been detected as malware by 15 anti-virus scanners.

Publisher:
AMD

Product:
AMD External Events

Description:
AMD External Events Client Module

Version:
6.14.11.1164

MD5:
bab41d4a81a189ad2717fd809ce481d3

SHA-1:
898f22828f96d8ce4d0271311b065a3612373d7e

SHA-256:
6a58f34ee8faa7b8cee2dbdb0e4e267a18cf848abc35cf8fd273b5552dc5b1a8

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/25/2024 12:00:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.318123 | 925 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14725 |
| Bitdefender | Gen:Variant.Kazy.318123 | 1.0.20.1030 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.318123 | 8.14.07.25.08 |
| ESET NOD32 | MSIL/Agent.ORC (variant) | 8.9301 |
| Fortinet FortiGate | W32/Agent.ADRHO!tr | 7/25/2014 |
| F-Secure | Gen:Variant.Kazy.318123 | 11.2014-25-07_6 |
| G Data | Gen:Variant.Kazy.318123 | 14.7.24 |
| Kaspersky | Trojan.Win32.Agent | 14.0.0.3508 |
| Malwarebytes | Trojan.MSIL | v2014.07.25.08 |
| McAfee | Artemis!BAB41D4A81A1 | 5600.7059 |
| MicroWorld eScan | Gen:Variant.Kazy.318123 | 15.0.0.618 |
| NANO AntiVirus | Trojan.Win32.Agent.csoykf | 0.28.0.57029 |
| Panda Antivirus | Generic Malware | 14.07.25.08 |
| Sophos | Mal/Generic-S | 4.96 |

File size:
8 KB (8,192 bytes)

Product version:
6.14.11.1164

Copyright:
Copyright © 2008-2009 AMD

Original file name:
ATIECLXX.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\winrar\amd external events client.exe

File PE Metadata

Compilation timestamp:
12/30/2013 5:54:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
96:yPNZZ02dm6s9j8lwBpQA1kTFud26l0SROg2HzMGnhIjtNLTJiDpdjHYgmj8gEbzj:yPN49l8lw7i4gO0SfUyTJiDp58ji9

Entry address:
0x358E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
5.5 KB (5,632 bytes)

Startup File (User Run Once)

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Windows Base Branding

Command:
C:\users\{user}\appdata\roaming\winrar\amd external events client.exe
