home

eojet.exe

eojet

Eorezo

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application eojet.exe by Eorezo has been detected as adware by 12 anti-malware scanners.
Publisher:
Eorezo  (signed and verified)

Product:
eojet

Version:
1.4.0.0

MD5:
0d483f95d1fd205a2c6a2e2856ec1fb5

SHA-1:
2030715f5b36c348e59b24481750e3843e006606

SHA-256:
8ec270ec2e310b522ed537da8b4fd9f6267a8bb994991b07eb6afda138a7de5a

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/24/2024 11:54:26 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Eorezo-BH [Adw]
2014.9-140722

AVG
MalSign.Adware
2015.0.3405

Baidu Antivirus
Adware.Win32.EoRezo
4.0.3.14722

Bkav FE
W32.Clodc48.Trojan
1.3.0.4959

Comodo Security
UnclassifiedMalware
17939

ESET NOD32
Win32/Adware.EoRezo.AJ (variant)
8.9548

IKARUS anti.virus
Win32.Eorezo
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11451

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Startup.Eorezo.F
14.8.7.17

Sophos
EoRezo Adware
4.98

VIPRE Antivirus
Adware.Eorezo.a
27434

File size:
671.6 KB (687,728 bytes)

Product version:
1.4.0.0

Copyright:
(c) All rights reserved.

Original file name:
eojet

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\eojet\eojet.exe

Digital Signature
Signed by:
Eorezo

Authority:
VeriSign, Inc.

Valid from:
10/12/2010 2:00:00 AM

Valid to:
10/14/2012 1:59:59 AM

Subject:
CN=Eorezo, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Eorezo, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C6BCF65EA37004BFC9D8ABAF7BE4E73

File PE Metadata
Compilation timestamp:
11/3/2011 5:28:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:q9ChXGXaEe5q4hN2kAF5zmQqo5QOvVHnOzlvqnuMEP2:LCalN2kit446+uA

Entry address:
0x53A6D

Entry point:
E8, 7E, 80, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, 3C, 33, 48, 00, E8, 01, 81, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, 8C, 32, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, AE, 3C, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 51, 53, 55, 56, 57, FF, 35, 48, D1, 49, 00, E8, F9, 79, 00, 00, FF, 35, 44, D1, 49, 00, 8B, F0, 89, 74, 24, 18, E8, E8, 79, 00, 00, 8B, F8, 3B, FE, 59, 59, 0F, 82, 84, 00, 00, 00, 8B, DF, 2B, DE...
 
[+]

Code size:
448 KB (458,752 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
eojet.exe

Command:
C:\users\{user}\appdata\local\eojet\eojet.exe -runonce


Remove eojet.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.