usrf.exe

Agence Exclusive

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application usrf.exe by Agence Exclusive has been detected as a potentially unwanted program by 22 anti-malware scanners.
Publisher:
Agence Exclusive  (signed and verified)

MD5:
d60344300206012677d6dcd3375fe4f2

SHA-1:
daa222c7ccf4100e492d2c055e357db3ef4a1ceb

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:30:10 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Adware | 7.1.1 |
| Avira AntiVirus | Adware/Adseo.3.1 | 7.11.89.38 |
| Bitdefender | Application.Generic.390309 | 1.0.20.1550 |
| Comodo Security | ApplicUnwnt | 16558 |
| Dr.Web | Trojan.DownLoad3.24230 | 9.0.1.0310 |
| Emsisoft Anti-Malware | Application.Generic.390309 | 8.15.11.06.10 |
| ESET NOD32 | Win32/Adware.EoRezo | 9.8536 |
| Fortinet FortiGate | W32/EoRezo.Y | 11/6/2015 |
| G Data | Application.Generic.390309 | 15.11.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.3.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Eorezo | 14.0.0.1163 |
| Malwarebytes | Adware.Eorezo | v2015.11.06.10 |
| McAfee | Artemis!D60344300206 | 5600.6590 |
| NANO AntiVirus | Trojan.Win32.EoRezo.bmminz | 0.24.0.53304 |
| nProtect | Trojan-Clicker/W32.Eorezo.12128.C | 13.07.05.04 |
| Panda Antivirus | Trj/OCJ.D | 15.11.06.10 |
| Reason Heuristics | PUP.Eorezo.AgenceExclusive (M) | 15.11.6.10 |
| Sophos | EoRezo Adware | 4.90 |
| Trend Micro House Call | TROJ_GEN.R0CBB01FH13 | 7.2.310 |
| Trend Micro | PAK_Generic.001 | 10.465.06 |
| Vba32 AntiVirus | AdWare.Eorezo | 3.12.22.2 |
| VIPRE Antivirus | Trojan.Win32.Generic | 19366 |

File size:
11.8 KB (12,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\pctuto\updatepctuto\software\frsu\4.0.0.3413411\usrf.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
12/7/2011 6:18:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
192:O0GLx/DJQ8rhYkQ4LZmK1aLVCsXI6u7Br9ZCspE+TMIr3/bjOg+vtwJrki:cx7r84wK1aLVCx6LeME/bj+i

Entry address:
0x6CF0

Entry point:
60, BE, 00, 60, 40, 00, 8D, BE, 00, B0, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
4 KB (4,096 bytes)
