awh21e4.tmp

Rollnon

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file awh21e4.tmp by Rollnon has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Rollnon  (signed and verified)

MD5:
61b494d60419aaefcf67b06903f03ec6

SHA-1:
4d3edf22d1e197b3c6a345a4e7fc8eebd5c14669

SHA-256:
5ad18400a7155f2d4a314b1234e15dcc9401b421d3b4a1eef36f07d7551fecdb

Scanner detections:
12 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/23/2024 11:12:26 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Verti
8.10228

IKARUS anti.virus
AdWare.PricePeep
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.183.12998

Malwarebytes
PUP.Optional.Boost.A
v2014.10.16.03

McAfee
Artemis!61B494D60419
5600.6975

Reason Heuristics
PUP.Rollnon.K
14.10.16.15

Rising Antivirus
PE:Trojan.Win32.Generic.1719B5D4!387560916
23.00.65.141014

Sophos
Generic PUA EN
4.98

Trend Micro House Call
ADW_PRICEPEEP
7.2.289

Trend Micro
ADW_PRICEPEEP
10.465.16

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Blinkx/LeadImpact
32064

File size:
881.9 KB (903,072 bytes)

Bundler/Installer:
Verti Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\awh21e4.tmp

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/2/2014 1:00:00 AM

Valid to:
4/3/2015 12:59:59 AM

Subject:
CN=Rollnon, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rollnon, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38DB31E5040834D048DA19B96D864789

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lctF6/cNljIME2nuuJw7t/5iWEXj3lEjeL:KtF6qIMeR5FEz3lo8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.6556

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove awh21e4.tmp - Powered by Reason Core Security