awh9991.tmp

L Agence Exclusive

This is the Eorezo installer, which may include software offers for unwanted programs, including toolbars. The file awh9991.tmp by L Agence Exclusive has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. It is also typically executed from the user's temporary directory.

Publisher:
L Agence Exclusive  (signed and verified)

MD5:
62beb2cc866054412d5ade51c45dba91

SHA-1:
219183f0b58089777f711986a8e3402521a02ac1

SHA-256:
fc49bcd27849103dde34821a979d6557d5a9077b3c7f70e2c07d01593bbb30f1

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/18/2024 2:34:15 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Eorezo.Gen.YM | 7.1.1 |
| Avira AntiVirus | PUA/InstallCore.Gen7 | 8.3.1.6 |
| avast! | Win32:Eorezo-DK [PUP] | 2014.9-150803 |
| AVG | Generic | 2016.0.3029 |
| Baidu Antivirus | Adware.Win32.EoRezo | 4.0.3.1583 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Adware.Downware.11254 | 9.0.1.0215 |
| ESET NOD32 | Win32/Adware.EoRezo.AZ (variant) | 9.12031 |
| Fortinet FortiGate | Adware/Eorezo | 8/3/2015 |
| F-Prot | W32/EoRezo.J.gen | v6.4.7.1.166 |
| K7 AntiVirus | Adware | 13.207.16756 |
| Kaspersky | not-a-virus:AdWare.Win32.Eorezo | 14.0.0.1639 |
| Malwarebytes | PUP.Optional.EORezo | v2015.08.03.06 |
| NANO AntiVirus | Riskware.InnoSetup.EoRezo.dttnyf | 0.30.24.2668 |
| Reason Heuristics | PUP.Eorezo.LAgenceExclusive.Installer (M) | 15.8.3.6 |
| Sophos | EoRezo Adware | 4.98 |
| SUPERAntiSpyware | Adware.EoRezo/Variant | 9714 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42544 |

File size:
4.6 MB (4,865,248 bytes)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\awh9991.tmp

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/31/2014 9:00:28 PM

Valid to:
11/1/2015 9:00:28 PM

Subject:
CN=L Agence Exclusive, O=L Agence Exclusive, L=Paris, S=Ile-De-France, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EC7FDD0BA7F42544161419B65E557A40

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:1wSYDKXLyXkYL4A7LggpBDBtWUmK24UX6lP/8F9LD//ImGJb3M/pJJRB:WByGkIwuxevK2/q38FNLIfJb3M/pJJv

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9988

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
