avg_remover_virut.exe

This is a setup program used to install the application. The file has been observed being downloaded from free.avg.com.
MD5:
333dadf6673f60d452d7eb05fdc8a6c6

SHA-1:
dd660cbdf6c33d6658693dbeb692cabbf582716b

SHA-256:
2f023a5bc8dcc357eee419dfedee129785643218a7d0b13a60fa031052040392

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
5/5/2024 1:29:45 AM UTC

Scan engine | Detection | Engine version
Sophos | Virus 'Mal/HckPk-A' | 5.14
Trend Micro House Call | Suspicious_GEN.F47V0522 | 7.2.157

File size:
3.3 MB (3,418,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\avg_remover_virut.exe

File PE Metadata
Compilation timestamp:
8/16/2013 10:48:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:p8DCniqb9rZjXPNISEpS3vNuG72lNDMmj/Xt/XhjSouIHSL7M+gSXd1ea1962vo8:pniqdZjKSEguG72l+WXSbDgAuBGw85L

Entry address:
0x11AD740

Entry point:
8E, 65, 00, FF, 8F, 66, 00, FF, 90, 67, 00, FF, 91, 68, 00, FF, 92, 69, 00, FF, 93, 6A, 00, FF, 95, 6B, 00, FF, 97, 6C, 00, FF, 9B, 6F, 00, FF, A1, 74, 00, FF, A6, 79, 00, FF, AC, 7E, 00, FF, B1, 83, 00, FF, B6, 88, 00, FF, BB, 8C, 00, FF, BF, 8F, 00, FF, C2, 92, 00, FF, C4, 95, 00, FF, C8, 96, 00, FF, CA, 98, 00, FF, CC, 9A, 00, FF, CE, 9B, 00, FF, CE, 9B, 00, FF, CE, 9B, 00, FF, CF, 9B, 00, FF, CF, 9B, 00, FF, CF, 9B, 00, FF, CD, 99, 00, FF, CB, 97, 00, FF, C9, 95, 00, FF, C5, 92, 00, FF, C1, 8F, 00, CC...

Entropy:
7.8783  (probably packed)

Code size:
3.2 MB (3,403,776 bytes)

The file avg_remover_virut.exe has been seen being distributed by the following URL.

Scan avg_remover_virut.exe - Powered by Reason Core Security