home

efrdsetup.exe

Eusing Software

The program is a setup application that uses the Wise Installer installer. The file has been seen being downloaded from www.eusing.com and multiple other hosts.
Publisher:
Eusing Software

Description:
Eusing Free Registry Defrag

Version:
2.2

MD5:
ee05947316a099fffddc2873e4e2babf

SHA-1:
03d85331b7916060ad9cc42f1e3358d2037738d8

SHA-256:
f5faff8fce6633f06a3a35a1056b81c3ad131dcc890888a4c9e44ed02b18d8b8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 5:58:13 AM UTC  (today)

File size:
1.1 MB (1,149,900 bytes)

Copyright:
Eusing Software

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\efrdsetup.exe

File PE Metadata
Compilation timestamp:
10/25/2001 8:47:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:ZnW01iV8mAeZX1uPd0y559/9ouBVHs+q7JT/7Tif5G7U91Ft5:ZWkiau1uF/9ouB++q7Qd91T5

Entry address:
0x21AF

Entry point:
55, 8B, EC, 81, EC, 2C, 05, 00, 00, 53, 56, 57, 6A, 01, 5E, 6A, 04, 89, 75, E8, FF, 15, 54, 40, 40, 00, FF, 15, 50, 40, 40, 00, 8B, F8, 89, 7D, F4, 8A, 07, 3C, 22, 0F, 85, CC, 00, 00, 00, 8A, 47, 01, 47, 89, 7D, F4, 33, DB, 3A, C3, 74, 0D, 3C, 22, 74, 09, 8A, 47, 01, 47, 89, 7D, F4, EB, EF, 80, 3F, 22, 75, 04, 47, 89, 7D, F4, 80, 3F, 20, 75, 09, 47, 80, 3F, 20, 74, FA, 89, 7D, F4, 53, FF, 15, 6C, 40, 40, 00, 80, 3F, 2F, 89, 45, F8, 75, 64, 8A, 47, 01, 3C, 53, 74, 04, 3C, 73, 75, 06, 89, 35, 58, 53, 40, 00...
 
[+]

Entropy:
7.9947

Packer / compiler:
Wise Installer Stub

Code size:
8.5 KB (8,704 bytes)

The file efrdsetup.exe has been discovered within the following program.

360Amigo System Speedup Free  by 360Amigo
360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file efrdsetup.exe has been seen being distributed by the following 2 URLs.

http://www.eusing.com/.../EFRDSetup.exe

http://www.hide-windows.com/.../EFRDSetup.exe

Scan efrdsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.