eam-tr.exe

This is a setup program used to install the application. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name 'EAM Trial Reset'. The file has been seen downloaded from doc-0g-3k-docs.googleusercontent.com and multiple other hosts.

Description:
Emsisoft Anti-Malware Trial Reset - BBs

Version:
1.1.0.0

MD5:
df22c44489522221e30517dc559b627c

SHA-1:
56d0b8e973f59b731a5af8e58aa6fefa74436f93

SHA-256:
ba4d643d65564b176d8ecf4d8e9c1b9469be39474258cd71008b991df126722a

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 10:18:58 PM UTC

Scan engine       Detection                               Engine version
Comodo Security   ApplicUnwnt.Win32.CrackTool.Agent.~a    17469
McAfee            Artemis!DF22C4448952                    5600.7276
Norman            Suspicious_Gen4.CWIOL                   11.20131220
Rising Antivirus  AU3SCRIPT:Malware.Banker!1.9DF6         23.00.65.131218
VIPRE Antivirus   Trojan.Win32.Generic.pak!cobra          24532

File size:
349 KB (357,337 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\eam-tr.exe

File PE Metadata
Compilation timestamp:
4/16/2010 4:47:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:l1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59YePxm8nSORsS:ljkArEN249AyE/rbaMct4bO2/V5H

Entry address:
0xB5C80

Entry point:
60, BE, 00, 40, 47, 00, 8D, BE, 00, D0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
264 KB (270,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EAM Trial Reset

Command:
"C:\Program Files\eam-tr.exe" \autoreset


The file eam-tr.exe has been discovered within the following program.

Emsisoft Anti-Malware by Emsisoft GmbH
Emsisoft Anti-Malware (formerly named a-squared Anti-Malware) is an antivirus and antispyware protection suite developed by Austria-based Emsisoft GmbH.
www.emsisoft.com/en/software/antimalware
8% remove it
 

The file eam-tr.exe has been seen being distributed by the following 5 URLs.
