of_fr-i3-wajam_chk_0_245.exe

technologiesaintdenis.com

The application of_fr-i3-wajam_chk_0_245.exe by technologiesaintdenis.com has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Open Downloader Manager by Installer Technology Co which is a potentially unwanted software program. The file has been seen being downloaded from www.wajam-download.com and multiple other hosts.
Publisher:
technologiesaintdenis.com  (signed and verified)

MD5:
9cbebfa37d8f3f25831044403c028016

SHA-1:
fdc7793d9d0499ffbfea1bf316e36d5abd43d271

SHA-256:
c483342f58a2eaf0be5ef78db2d9d480925d3ec1d66826840210258e05f51f03

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:58:00 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.Wajam
4.0.3.1549

Dr.Web
Adware.Searcher.2792
9.0.1.099

ESET NOD32
Win32/Wajam.K potentially unwanted
9.11448

G Data
Win32.Application.Agent.O80155
15.4.25

Malwarebytes
PUP.Optional.Wajam.A
v2015.04.09.05

McAfee
Artemis!9CBEBFA37D8F
5600.6800

Panda Antivirus
Trj/CI.A
15.04.09.05

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Trend Micro House Call
Suspicious_GEN.F47V0406
7.2.99

VIPRE Antivirus
Wajam
39190

Zillya! Antivirus
Trojan.Win32.1DB12147
2.0.0.2132

File size:
2.4 MB (2,502,928 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\of_fr-i3-wajam_chk_0_245.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
2/9/2015 1:00:00 AM

Valid to:
2/10/2016 12:59:59 AM

Subject:
CN=technologiesaintdenis.com, OU=Software Development, O=technologiesaintdenis.com, L=Montreal, S=Quebec, C=CA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5C8520910142CFB327393EC3AF836FDB

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:xO8NaEDyHcc8zv09thxXDNL4Y5laYDJB42+8q:I8NaE28c8zy5pL4Y5f9WJ

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file of_fr-i3-wajam_chk_0_245.exe has been discovered within the following program.

Open Downloader Manager  by Installer Technology Co
ODM is a download manager that plugs into various web browsers (IE, Chrome and Firefox). The installer is designed to bundle and offer various additional offers including toolbars and other potentially harmful programs.
opendownloadmanager.com
73% remove it
 
Powered by Should I Remove It?

The file of_fr-i3-wajam_chk_0_245.exe has been seen being distributed by the following 4 URLs.

http://www.wajam-download.com/.../WIE_2.30.2.13.exe

Remove of_fr-i3-wajam_chk_0_245.exe - Powered by Reason Core Security