awh21e4.tmp

Rollnon

This is the Verti bundle installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed with minimal consent. The file awh21e4.tmp by Rollnon has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. It is typically executed from the user's temporary directory.
Publisher:
Rollnon  (signed and verified)

MD5:
61b494d60419aaefcf67b06903f03ec6

SHA-1:
4d3edf22d1e197b3c6a345a4e7fc8eebd5c14669

SHA-256:
5ad18400a7155f2d4a314b1234e15dcc9401b421d3b4a1eef36f07d7551fecdb

Scanner detections:
12 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/23/2024 4:25:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Verti | 8.10228 |
| IKARUS anti.virus | AdWare.PricePeep | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.183.12998 |
| Malwarebytes | PUP.Optional.Boost.A | v2014.10.16.03 |
| McAfee | Artemis!61B494D60419 | 5600.6975 |
| Reason Heuristics | PUP.Rollnon.K | 14.10.16.15 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1719B5D4!387560916 | 23.00.65.141014 |
| Sophos | Generic PUA EN | 4.98 |
| Trend Micro House Call | ADW_PRICEPEEP | 7.2.289 |
| Trend Micro | ADW_PRICEPEEP | 10.465.16 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Blinkx/LeadImpact | 32064 |

File size:
881.9 KB (903,072 bytes)

Bundler/Installer:
Verti Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\awh21e4.tmp

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/2/2014 1:00:00 AM

Valid to:
4/3/2015 12:59:59 AM

Subject:
CN=Rollnon, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rollnon, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38DB31E5040834D048DA19B96D864789

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lctF6/cNljIME2nuuJw7t/5iWEXj3lEjeL:KtF6qIMeR5FEz3lo8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.6556

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
