AVRedirector.EXE

AVRedirector

AVSoftware EOOD

The software installer uses the StartInstall.com download manager, which bundles additional adware offers (toolbars and utilities such as the SafeSearch toolbar) during setup. The application AVRedirector.EXE by AVSoftware EOOD has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “AVRedirector” in its own separate process.
Publisher:
AVSoftware EOOD  (signed and verified)

Product:
AVRedirector

Version:
1, 0, 0, 1

MD5:
e30e908644079f553ea09a3651c197ff

SHA-1:
cc6bce425d550a3cb5d7f6cd95333012d21aaff0

SHA-256:
d8d0080e5a914a3ec736e72442306d4ce9c839f9a7934fb2059151b94ddc53ca

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:02:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Service.AVSoftwareEOOD.M

Engine version:
14.2.16.4

File size:
721.3 KB (738,632 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2007

Original file name:
AVRedirector.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\invisible ip map\avredirector.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/11/2009 1:00:00 AM

Valid to:
5/12/2010 12:59:59 AM

Subject:
CN=AVSoftware EOOD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AVSoftware EOOD, L=Gabrovo, S=Gabrovo, C=BG

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
37BC40AA80D517CAC12E4CB37407D455

File PE Metadata
Compilation timestamp:
5/11/2009 11:33:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:prdQZBs2rdy+zR2VoEaxaK+uae00BbSL:nQZBs2rdycR27uaDv/0tSL

Entry address:
0x66D80

Entry point:
55, 8B, EC, 6A, FF, 68, 68, CA, 48, 00, 68, B8, 92, 46, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 10, 68, 4A, 00, 33, D2, 8A, D4, 89, 15, 64, 3A, 4A, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 60, 3A, 4A, 00, C1, E1, 08, 03, CA, 89, 0D, 5C, 3A, 4A, 00, C1, E8, 10, A3, 58, 3A, 4A, 00, 6A, 01, E8, 79, 46, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, BC, 16, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
548 KB (561,152 bytes)

Service
Display name:
AVRedirector

Type:
Win32OwnProcess

