ewnrgt.exe

Meteoroids

Acute Angle Solutions Ltd.

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The application ewnrgt.exe, “Meteoroids Service” by Acute Angle Solutions, has been detected as adware by 6 anti-malware scanners. It runs as a Windows service named “EwNRGt” within the context of its own process.
Publisher:
Acute Angle Solutions  (signed by Acute Angle Solutions Ltd.)

Product:
Meteoroids

Description:
Meteoroids Service

Version:
1.0.0.0

MD5:
834d369b2a563390fd2dce63111fb435

SHA-1:
eb2ebf8f60b23b0b3f6530c2ad379f443db3f8b6

SHA-256:
960a2fd837e2c3a3ec7cbcd034cc460e45e71424703d1a3e22fd7a0329e9ea00

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/20/2024 1:09:24 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.1492 |
| ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 8.10346 |
| Malwarebytes | PUP.Optional.Meteroids.A | v2014.09.02.03 |
| Reason Heuristics | PUP.Service.AcuteAngleSolutions.G | 14.10.1.11 |
| Sophos | Pull Update | 4.98 |
| VIPRE Antivirus | Injekt | 32728 |

File size:
2.2 MB (2,319,744 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Acute Angle Solutions 2014

Original file name:
MeteoroidsService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\mmrujrkqcq\ewnrgt.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/31/2014 1:00:00 AM

Valid to:
2/1/2015 12:59:59 AM

Subject:
CN=Acute Angle Solutions Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Acute Angle Solutions Ltd., L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0A7A77148C6F7A33F9174DA187F6FEF0

File PE Metadata
Compilation timestamp:
8/28/2014 11:43:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:1LTOadYYk0zAhH5FpJ+WCmoukNUW2n6LyM/OP9ryKB8P:4aAk1fONnAx2PcKBO

Entry address:
0x23610E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,310,656 bytes)

Service
Display name:
EwNRGt

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc

