awh82a7.tmp

The file awh82a7.tmp has been detected as a potentially unwanted program by 21 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
MD5:
95fe344ca9bfc4ecc56bc39f7483ddf6

SHA-1:
ad654f31eb664e621091b626dc080e3cab9870c3

SHA-256:
9a9760ecdc0be75824e2647d4bac172a2843a40ae30e9dd00c0fb9a7fae85022

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 10:17:19 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2128210 | 725 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetize | 2015.02.08 |
| Avira AntiVirus | TR/Crypt.ZPACK.Gen2 | 7.11.208.148 |
| avast! | Win32:Malware-gen | 150129-1 |
| Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.1529 |
| Bitdefender | Trojan.GenericKD.2128210 | 1.0.20.200 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Dr.Web | Trojan.KillFiles.23111 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2128210 | 8.15.02.09.12 |
| ESET NOD32 | Win32/Amonetize.DE potentially unwanted application | 7.0.302.0 |
| F-Secure | Trojan.GenericKD.2128210 | 11.2015-09-02_2 |
| G Data | Trojan.GenericKD.2128210 | 15.2.25 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2512 |
| MicroWorld eScan | Trojan.GenericKD.2128210 | 16.0.0.120 |
| NANO AntiVirus | Trojan.Win32.ZPACK.dmzufr | 0.30.0.65070 |
| nProtect | Trojan.GenericKD.2128210 | 15.02.06.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.02.09.12 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.2.9.12 |
| VIPRE Antivirus | Threat.4150696 | 37240 |
| Zillya! Antivirus | Backdoor.Klon.Win32.1994 | 2.0.0.2056 |

File size:
252 KB (258,048 bytes)

Common path:
C:\users\{user}\appdata\local\temp\awh82a7.tmp

File PE Metadata
Compilation timestamp:
1/25/2015 5:58:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:POrLIkiXmFn8mzx6DZS44lJGPKc60TgfAFEaldMR9RPr/8TBf2fdCFoS9M2OI5t1:Wji2FnKDITmfqaldMF/8TBsAM2bV

Entry address:
0xE1A8

Entry point:
E8, C1, 4A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 3D, EC, 1E, 33, 00, 00, 75, 18, E8, 9F, 34, 00, 00, 6A, 1E, E8, E9, 32, 00, 00, 68, FF, 00, 00, 00, E8, F0, F8, FF, FF, 59, 59, 8B, 45, 08, 85, C0, 75, 01, 40, 50, 6A, 00, FF, 35, EC, 1E, 33, 00, FF, 15, 9C, 70, 32, 00, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, EC, 1E, 33, 00, 00, 75, 18, E8, 55, 34, 00, 00, 6A, 1E, E8, 9F, 32, 00, 00, 68, FF, 00, 00, 00, E8, A6, F8, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3...
 
Entropy:
7.0285

Code size:
149.5 KB (153,088 bytes)
