efixprotemp.exe

eFix Pro

Reimage Limited

The application efixprotemp.exe, “eFix Pro Downloader” by Reimage Limited, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program eFix Pro by Reimage. The file has been seen being downloaded from cdn.reimage.com.
Publisher:
Reimage®  (signed by Reimage Limited)

Product:
eFix Pro

Description:
eFix Pro Downloader

Version:
1.506

MD5:
34ef7728da65e15e1a3bb8b19dd4f5d4

SHA-1:
0ba1ecd5d9aba2de767a0e7cfa33e6ecbe8e6d8d

SHA-256:
83a04085f83141082418c6849f8d517c02e59002d92e40e5ce4e17c6634c5a16

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 6:43:45 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Plugin.171 | 9.0.1.0332
Reason Heuristics | PUP.Optional.ReimageLimited.L | 14.11.28.14

File size:
754.4 KB (772,544 bytes)

Product version:
1.506

Copyright:
© Reimage 2014

Original file name:
eFixPro.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\efixprotemp.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/18/2014 5:00:00 PM

Valid to:
6/9/2016 4:59:59 PM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
2/24/2012 11:20:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:K0g5Fk9rA2QDVRE9YzewxnK3RTo9+pqNTO0gcCre50ET3cfE/KyZEIyTdvwwelO4:F6W9exRE0pnmq/X0EwfE/nEfRI8C

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.9020

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file efixprotemp.exe has been discovered within the following program.

eFix Pro by Reimage
Publisher's description - “The eFix program scans, diagnoses, then repairs your damaged PC with powerful technology that not only fixes your Windows Operating System - it reverses the damage already done with a full database of replacement files.”
www.efix.com
50% remove it
 

The file efixprotemp.exe has been seen being distributed by the following URL.
