awhfe81.tmp

The file awhfe81.tmp has been detected as a potentially unwanted program by 28 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from securehost-2.com and multiple other hosts.
MD5:
8d0937a36af0e781102b4b81fc6d1523

SHA-1:
1447b39ea804ff0c1dd1b020c24f451675280b07

SHA-256:
9281a7d2ebac136db09b2071d8668e67d24c9154ea56d48897e1d06746624dfd

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:01:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.1282003 | 620 |
| Agnitum Outpost | PUA.PastaLeads | 7.1.1 |
| Avira AntiVirus | ADWARE/PastaLeads.1230872 | 8.3.1.6 |
| avast! | Adware-gen [Adw] | 2014.9-150504 |
| AVG | Adware Generic6 | 2016.0.3098 |
| Baidu Antivirus | Adware.Win32.PastaLeads | 4.0.3.15525 |
| Bitdefender | Application.Generic.1277589 | 1.0.20.725 |
| Dr.Web | Threat.Undefined | 9.0.1.0145 |
| Emsisoft Anti-Malware | Application.Generic.1277589 | 8.15.08.02.02 |
| ESET NOD32 | multiple threats | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/PastaLeads | 5/25/2015 |
| F-Secure | Application.Generic.1277589 | 11.2015-25-05_2 |
| G Data | Application.Generic.1277589 | 15.5.25 |
| herdProtect (fuzzy) | | 2015.8.2.2 |
| IKARUS anti.virus | PUA.PastaLeads | t3scan.1.8.9.0 |
| K7 AntiVirus | Riskware | 13.204.16019 |
| Malwarebytes | PUP.Optional.PastaLeads.A | v2015.05.25.07 |
| McAfee | Program.Artemis!1F553280135F | 5600.6754 |
| MicroWorld eScan | Application.Generic.1277589 | 16.0.0.435 |
| NANO AntiVirus | Riskware.Win32.Pasta.drovsk | 0.30.24.1636 |
| Norman | Application.Generic.1277589 | 11.20150802 |
| Panda Antivirus | Trj/CI.A | 15.05.25.07 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA ML | 4.98 |
| SUPERAntiSpyware | Adware.PastaLeads/Variant | 9717 |
| Trend Micro House Call | ADW_PASTA | 7.2.145 |
| Trend Micro | ADW_PASTA | 10.465.25 |
| VIPRE Antivirus | Adware.PastaLeads | 40550 |

File size:
1.2 MB (1,230,872 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\awhfe81.tmp

File PE Metadata
Compilation timestamp:
5/11/2014 4:03:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:BEebOaMyarhL/WvmaozV3qZ4/Fgw1VbuKHYz7E3mE4:6YY9L/W+aw6Z4aw1VAz7E3mE4

Entry address:
0x3217

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 

Entropy:
7.9786

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file awhfe81.tmp has been seen being distributed by the following 4 URLs.
