awh3541.tmp

The file awh3541.tmp has been detected as a potentially unwanted program by 16 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.

MD5:
7d0b812543ed8eb9dc85b0af6d6d0378

SHA-1:
a3e0175b8439a5c9ee8c0b0cc401d930f62a8605

SHA-256:
d87210d024257fa65f89223c0e102a2525231c23f5a5b538dd2fe8a5873906f3

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 8:18:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.PHZ | 6339179 |
| avast! | Win32:Dropper-gen [Drp] | 150320-0 |
| Bitdefender | Adware.Agent.PHZ | 1.0.20.430 |
| Clam AntiVirus | Win.Adware.Agent-41383 | 0.98/21511 |
| Comodo Security | Application.Win32.Amonetize.DE | 21556 |
| Dr.Web | Trojan.MulDrop5.47692 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.PHZ | 9.0.0.4799 |
| ESET NOD32 | Win32/Amonetize.DP potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-3b0845e2 | v6.4.7.1.166 |
| F-Secure | Adware.Agent.PHZ | 5.13.68 |
| G Data | Adware.Agent.PHZ | 15.3.25 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.2283 |
| MicroWorld eScan | Adware.Agent.PHZ | 16.0.0.258 |
| NANO AntiVirus | Trojan.Win32.MulDrop5.dnmafe | 0.30.8.659 |
| nProtect | Adware.Agent.PHZ | 15.03.27.01 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.64065 | 2.0.0.2118 |

File size:
175.1 KB (179,324 bytes)

Common path:
C:\users\{user}\appdata\local\temp\awh3541.tmp

File PE Metadata
Compilation timestamp:
1/25/2015 3:58:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:s8TpKmsHupb8WjeOZmZTgo2T7XqnrMcCWgjWEtS806yRDeNthXVR/0TBfwg:jdsOpbfEZM36F58ZyRDeR/0TBT

Entry address:
0xE1A8

Entry point:
E8, C1, 4A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, EC, 1E, 35, 00, 00, 75, 18, E8, 9F, 34, 00, 00, 6A, 1E, E8, E9, 32, 00, 00, 68, FF, 00, 00, 00, E8, F0, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, EC, 1E, 35, 00, FF, 15, 9C, 70, 34, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, EC, 1E, 35, 00, 00, 75, 18, E8, 55, 34, 00, 00, 6A, 1E, E8, 9F, 32, 00, 00, 68, FF, 00, 00, 00, E8, A6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
Entropy:
6.7243

Code size:
149.5 KB (153,088 bytes)
