avredirector.exe

AVSoftware EOOD

The software installer uses the StartInstall.com download manager, which bundles additional adware offers (toolbars and utilities such as the SafeSearch toolbar) during setup. The application avredirector.exe by AVSoftware EOOD has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “AVRedirector” in its own process (Win32OwnProcess).
Publisher:
AVSoftware EOOD (signed and verified)

MD5:
2531e579dba1ee97f6eff14a1e2c067d

SHA-1:
2b1ce0bfc53cf312351edad68894a93f796015d9

SHA-256:
b2c0fa8b29128d070d3e8da6e057c61e4c3ca0cfec16f6ee2d9a6561f8e95ea6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 12:30:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Service.AVSoftware EOOD

Engine version:
15.2.18.12

File size:
2.3 MB (2,381,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hide the ip 2010\avredirector.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/11/2009 1:00:00 AM

Valid to:
5/12/2010 12:59:59 AM

Subject:
CN=AVSoftware EOOD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AVSoftware EOOD, L=Gabrovo, S=Gabrovo, C=BG

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37BC40AA80D517CAC12E4CB37407D455

File PE Metadata
Compilation timestamp:
11/26/2009 2:22:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:ciBkMr6zFdP4W3gtK438yxN1RT4p9WSA7zoBBVNMY:z6zFdP4W3gtK68yxN1D

Entry address:
0xAD08B

Entry point:
55, 8B, EC, 6A, FF, 68, 10, D2, 5B, 00, 68, 0C, E8, 4A, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 70, 7A, 62, 00, 33, D2, 8A, D4, 89, 15, 2C, 27, 62, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 28, 27, 62, 00, C1, E1, 08, 03, CA, 89, 0D, 24, 27, 62, 00, C1, E8, 10, A3, 20, 27, 62, 00, 6A, 01, E8, 91, 33, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, A1, 14, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
5.9827

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
1.7 MB (1,802,240 bytes)

Service
Display name:
AVRedirector

Type:
Win32OwnProcess

Depends on:
RPCSS


Powered by Reason Core Security