avira_antivir_personal_en.exe

Avira GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from www.go4it.ro and multiple other hosts.
Publisher:
Avira GmbH  (signed and verified)

MD5:
dee18d2fffdc2de08a71f6ee71fc2941

SHA-1:
b5e42931023fc289055f354207061694d72edc4a

SHA-256:
d1a9fac551ebe192d8b5e58601215f035c8b45be044a5d0734f9029b24cfab80

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 7:53:31 AM UTC  (today)

File size:
56.6 MB (59,325,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\avira_antivir_personal_en.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/10/2009 7:00:00 PM

Valid to:
2/11/2012 6:59:59 PM

Subject:
CN=Avira GmbH, OU=Development 2009, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Avira GmbH, L=Tettnang, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
75E809361DAFBE7BD72E0E5BB7659552

File PE Metadata
Compilation timestamp:
11/30/2005 4:08:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
786432:dy9YVFG8Kb+mYgT2oo4IPxoRHXOLEi4QiEas38eYC5+xjwV8YEEF3UKkMuFbzf:w9YVA8p74IPxW4Lqs38eY23VVgMuFX

Entry address:
0x1000

Entry point:
E8, B7, 27, 00, 00, 50, E8, CB, 22, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E5, 40, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, 42, 43, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, 1C, 25, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, D4, 50, 41, 00, 6A, 65, 56, E8, 62, 24, 01, 00, 6A, 01, 56, E8, 3C, 24, 01, 00...
 

Entropy:
7.9999  (probably packed)

Code size:
76 KB (77,824 bytes)

The file avira_antivir_personal_en.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is, in some cases, presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file avira_antivir_personal_en.exe has been seen being distributed by the following 3 URLs.

http://www.go4it.ro/.../7883508

http://filez.kappa.ro/download/utilities/.../avira_antivir_personal_en_new.exe
