awhe015.tmp

Enchanted Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The file awhe015.tmp by Enchanted Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory.
Publisher:
Enchanted Apps  (signed and verified)

MD5:
f54d86c8e4a27d0b702b605fcda5b35f

SHA-1:
b6b3ce2b5837b8bcc0a6ba9ab19aefd295c502fa

SHA-256:
3e15f62c90924ec7e0232337f8183db41f2b99f5451073accbaa4ff6365b6297

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 12:12:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.50OnRed (M)
17.2.26.12

File size:
1 MB (1,100,264 bytes)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\awhe015.tmp

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 5:00:00 PM

Valid to:
6/4/2014 4:59:59 PM

Subject:
CN=Enchanted Apps, O=Enchanted Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0AD2FFB9C41506FA798B6D0457ECFD21

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9516  (probably packed)

Code size:
34.5 KB (35,328 bytes)

Remove awhe015.tmp - Powered by Reason Core Security