epm.exe

EaseUS Partition Master

CHENGDU YIWO Tech Development Co., Ltd.

The program is a setup application that uses the Inno Setup installer. The file has been observed being downloaded from avlabsoftware.com and multiple other hosts.

Publisher:
EaseUS   (signed by CHENGDU YIWO Tech Development Co., Ltd.)

Product:
EaseUS Partition Master

Description:
EaseUS Partition Master Setup

Version:
9.3.0

MD5:
4ece09b379e384c068c462e28e56624f

SHA-1:
5e6a0950d61c36f74bddbb3e5123a0a844683bea

SHA-256:
36ba10e41cba87f78d4ddd35fd4345e07d1c3c5cbb63518de8077b5a814b8528

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/19/2024 6:24:47 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | | 8.8944 |
| Fortinet FortiGate | Adware/OpenCandy | 1/9/2014 |

File size:
20.8 MB (21,832,632 bytes)

Product version:
9.3.0

Copyright:
Copyright (c) 2006-2013 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\epm.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
4/23/2012 2:00:00 AM

Valid to:
9/12/2014 1:59:59 AM

Subject:
CN="CHENGDU YIWO Tech Development Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="CHENGDU YIWO Tech Development Co., Ltd.", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
33C34CCA6E6816B62B677D44B06835E5

File PE Metadata

Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:gSYuL22jt85rR2cmRWCPDqBHhNDwhY/1Hk1+a+DeqRBQJSg2VPbzXSD:mJ2ju5Yco7DynwudHo+DDBDBo

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9999

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file epm.exe has been discovered within the following programs.

Java 7 Update 25  by Oracle Corporation
Publisher's description - “Java technology allows you to work and play in a secure computing environment. Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few.”
java.com
4% remove it
Firefox 11 was released on March 13, 2012. Firefox 11 introduced many new features, including migration of bookmarks and history from Google Chrome, SPDY integrated services, Page Inspector Tilt (3D View), Add-on Sync, redesigned HTML5 video controls, and the Style Editor (CSS).
www.mozilla.com/en-US
12% remove it
Firefox 21 was released on May 14, 2013. The Social API now supports multiple providers, enhanced three-state UI for Do Not Track (DNT).
9% remove it
 
Powered by Should I Remove It?

The file epm.exe has been seen being distributed by the following 39 URLs.

http://avlabsoftware.com/.../EaseUS_Partition.Master_9.3_free.exe

http://www.programosy.pl/.../pobierz,easeus-partition-manager-home-edition,2.html

Latest 30 of 39 download URLs
