package_speedup_installer_multilang.exe

594

The application package_speedup_installer_multilang.exe, “594 Setup”, has been detected as adware by 14 anti-malware scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is also typically executed from the user's temporary directory.
Publisher:
594

Product:
594

Description:
594 Setup

MD5:
f8d7aca6a6d43a9a68ec3e2f1ebddadc

SHA-1:
e1bc1faf780f65b3b107a578b36a046668ffa646

SHA-256:
ef363a47e46744a1cd1820a83c89dbfc10f669ee636c7bd974d43cb1c30b0efc

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/24/2024 9:05:34 PM UTC

Scan engine          Detection                            Engine version
Agnitum Outpost      PUA.Eorezo                           7.1.1
Avira AntiVirus      ADWARE/EoRezo.435289.2               8.3.2.2
ESET NOD32           Win32/Adware.EoRezo.AY (variant)     9.12172
Fortinet FortiGate   Adware/Eorezo                        11/27/2015
G Data               Win32.Adware.Eorezo                  15.11.25
IKARUS anti.virus    PUA.EoRezo                           t3scan.1.9.5.0
K7 AntiVirus         Adware                               13.2017055
Kaspersky            not-a-virus:AdWare.Win32.Eorezo      14.0.0.1058
Malwarebytes         PUP.Optional.EoRezo                  v2015.11.27.08
NANO AntiVirus       Riskware.InnoSetup.EoRezo.dttnyf     0.30.24.3283
Panda Antivirus      Generic Suspicious                   15.11.27.08
Reason Heuristics    PUP.Eorezo.594.Installer (M)         15.11.27.8
Sophos               Generic PUA OB (PUA)                 4.98
VIPRE Antivirus      Adware.Eorezo                        43314

File size:
425.1 KB (435,289 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\package_speedup_installer_multilang.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:JQiGsGn7dXYwEZrw/05SWKq9kNK8iG48ISnOnjTmeY:JQilSXREJ5SWKqZ8YSnu/mx

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Entropy:
7.9368

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
