0agrj0.exe

VERISTAFF.COM LTD

The application 0agrj0.exe by VERISTAFF.COM has been detected as adware by 14 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from gogeneral.blob.core.windows.net.
Publisher:
VERISTAFF.COM LTD  (signed and verified)

MD5:
fae94dc1a2ca5526ba048b639d23dcb1

SHA-1:
7cc4a542591b667cae43fce064d3c40a260ad90a

SHA-256:
02bc6ab779b5d939997fd2ead82c65940415243e96968f76043f70912ce79bb0

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/27/2024 1:16:03 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Adware.Heur.@xX@gHJcMZdO
794

Avira AntiVirus
Adware/Agent.10591776
7.11.188.28

Baidu Antivirus
Trojan.Win32.MsiDrop
4.0.3.14123

Bitdefender
Gen:Adware.Heur.@xX@gHJcMZdO
1.0.20.1685

Emsisoft Anti-Malware
Gen:Adware.Heur.@xX@gHJcMZdO
8.14.12.03.01

ESET NOD32
Win32/TrojanDropper.MsiDrop (variant)
8.10763

Fortinet FortiGate
W32/MsiDrop.B!tr
12/3/2014

F-Secure
Gen:Adware.Heur.@xX@gHJcMZdO
11.2014-03-12_4

G Data
Gen:Adware.Heur.@xX@gHJcMZdO
14.12.24

McAfee
Artemis!BCD181639098
5600.6928

MicroWorld eScan
Gen:Adware.Heur.@xX@gHJcMZdO
15.0.0.1011

Reason Heuristics
PUP.VERISTAFFCOM.G
14.12.4.0

Trend Micro House Call
Suspicious_GEN.F47V1120
7.2.337

VIPRE Antivirus
Trojan.Win32.Generic
35012

File size:
10.1 MB (10,564,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\0agrj0.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/14/2014 9:00:00 PM

Valid to:
9/15/2015 8:59:59 PM

Subject:
CN=VERISTAFF.COM LTD, OU=514841295, O=VERISTAFF.COM LTD, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2AF13BF1274B91869E8E8BA9B16282CA

File PE Metadata
Compilation timestamp:
11/9/2014 1:39:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:AJI16xklyNhaubiWtXoTDHklEUwpoucw6K3npiYvdNv9l:YI1rLuuWspUwuXwhpPN

Entry address:
0xB189

Entry point:
E8, F8, 6B, 00, 00, E9, 95, FE, FF, FF, FF, 35, 90, 31, 42, 4F, FF, 15, 84, A0, 41, 4F, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 6D, 3E, 00, 00, 6A, 01, 6A, 00, E8, 63, 2E, 00, 00, 83, C4, 0C, E9, 28, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B...
 
[+]

Code size:
99 KB (101,376 bytes)

The file 0agrj0.exe has been seen being distributed by the following URL.

Remove 0agrj0.exe - Powered by Reason Core Security