avira_free_antivirus_en.exe

Avira Operations GmbH & Co. KG

This is a setup program which is used to install the application. The file has been seen being downloaded from storage1.dms.mpinteractiv.ro and multiple other hosts.

Publisher:
Avira Operations GmbH & Co. KG (signed and verified)

MD5:
a8133c30054702a023cf3dc9bbda348c

SHA-1:
307e7ae762f9e3ccaecd9aa141ed368214e10423

SHA-256:
671283b16aa15d90d7785616f64e5d7ea9e1224f4adc5d73f8d4614cf3f54672

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 12:56:26 PM UTC  (today)

File size:
99.2 MB (103,981,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\avira_free_antivirus_en.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/20/2011 3:00:00 AM

Valid to:
7/20/2014 2:59:59 AM

Subject:
CN=Avira Operations GmbH & Co. KG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Avira Operations GmbH & Co. KG, L=Tettnang, S=Baden Wuerttemberg, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54971FF238D2B866F27FC3FE6C9AD577

File PE Metadata
Compilation timestamp:
11/30/2005 12:08:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
3145728:C6aETaybMQDt6wwEzKv6phWdkhQ8PI3aF/ulrUuNS5K:C6XTRwEAEGv6pLCiI3/S5K

Entry address:
0x1000

Entry point:
E8, B7, 27, 00, 00, 50, E8, CB, 22, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E5, 40, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, 42, 43, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, 1C, 25, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, D4, 50, 41, 00, 6A, 65, 56, E8, 62, 24, 01, 00, 6A, 01, 56, E8, 3C, 24, 01, 00...

Entropy:
7.9999  (probably packed)

Code size:
76 KB (77,824 bytes)

The file avira_free_antivirus_en.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file avira_free_antivirus_en.exe has been seen being distributed by the following 7 URLs.

http://storage1.dms.mpinteractiv.ro/media/2/84/12690/10278848/.../avira-free-antivirus-en.exe

http://80.190.148.75/package/wks_avira/win32/en/.../avira_free_antivirus_en.exe
