awh862c.tmp

ROMEO SOUTH SL

The file awh862c.tmp by ROMEO SOUTH SL has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer.
Publisher:
ROMEO SOUTH SL  (signed and verified)

MD5:
6e4c2d040604fa4210ca5ef905e94b8e

SHA-1:
f0a67cf99e00e0e86f229556ce7f44f1348d68d9

SHA-256:
042bf0ea6518776f45b616f1a9ae855d6a1a30206dd6b3612583a24856ccc911

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/25/2024 5:52:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2017.0.2841 |
| Dr.Web | Trojan.Vittalia.365 | 9.0.1.037 |
| IKARUS anti.virus | Trojan.Crypt | t3scan.1.9.5.0 |
| Malwarebytes | PUP.Optional.Bundler | v2016.02.06.10 |
| NANO AntiVirus | Trojan.Script.Vittalia.dywvfn | 1.0.14.5317 |
| Reason Heuristics | PUP.Vitallia.ROMEOSOUTH.Installer (M) | 16.2.6.22 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |

File size:
432.4 KB (442,768 bytes)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\awh862c.tmp

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/29/2013 1:00:31 PM

Valid to:
6/19/2014 8:09:57 PM

Subject:
CN=ROMEO SOUTH SL, O=ROMEO SOUTH SL, L=Madrid, S=Madrid, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277A328668E577

File PE Metadata
Compilation timestamp:
5/8/2010 7:11:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:faIW28XGlQPZpF+Fa8uJkh8HY1M4BTIRP3:faIWhXzF+4GyChZIh3

Entry address:
0x3E3F

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, B0, 5D, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 04, 57, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, E7, 5D, 00, 00, A3, 04, 08, 43, 00, 51, C7, 04, 24, 08, 00, 00, 00, E8, 27, 32, 00, 00, A3, B4, 08, 43, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, 81, 5C, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, E4, 08...
 

Entropy:
7.1197

Code size:
35.5 KB (36,352 bytes)
