avamj.exe

Internet Explorer

ManySign Inc.

Although the file properties claim the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The application avamj.exe by ManySign has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program used to install the application. It runs as a scheduled task named PreviewHandlerSurrogateHost under the Windows Task Scheduler, triggered to execute each time a user logs in. The file has been seen being downloaded from skypedong.com.
Publisher:
Microsoft Corporation  (signed by ManySign Inc.)

Product:
Internet Explorer

Version:
11.00.10586

MD5:
231c10a2c3d3fe9dc3aedf7d8282e5d3

SHA-1:
074a2e96ace3593e909979d6adbd90e6682ed060

SHA-256:
a997e199dc3dc7e596464a85832e0d9678b68edafbf0849d9902b90ba4cd13b4

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/22/2025 11:03:42 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Injector.OJL trojan | 8.0.319.0
Reason Heuristics | Adware.Downloader.ManySign.Meta (M) | 16.6.14.13

File size:
633.3 KB (648,512 bytes)

Product version:
11.00.10586

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
y01ep001.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\avamj.exe

Digital Signature
Signed by:

Authority:
ManySign Inc.

Valid from:
2/27/2016 8:36:13 AM

Valid to:
2/26/2017 8:36:13 AM

Subject:
E=contact@manysign.com, OU=ManySign Authority, O=ManySign Inc., L=Lansing, S=Michigan, C=US, CN=ManySign

Issuer:
E=contact@manysign.com, OU=ManySign Authority, O=ManySign Inc., L=Lansing, S=Michigan, C=US, CN=ManySign

Serial number:
00A9CE1EFF3DF92E00

File PE Metadata
Compilation timestamp:
3/30/2016 1:44:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:bkqb6NxFrxHmLXqlSOMv3Y3qdY89aOo18hHAeXhjh4GN9pGuXx/yaY0i7:bkY6drxHmbmUmu5h9z9JGuNyj7

Entry address:
0x9CFAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
620 KB (634,880 bytes)

Scheduled Task
Task name:
PreviewHandlerSurrogateHost

Trigger:
Logon (Runs on logon)


The file avamj.exe has been seen being distributed by the following URL.
