SoftwareUpdateHP.exe

SoftwareHelper

Eorezo

This is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application SoftwareUpdateHP.exe by Eorezo has been detected as adware by 20 anti-malware scanners. This browser extension displays targeted advertising by monitoring the URLs viewed in the web browser.
Publisher:
Eorezo  (signed and verified)

Product:
SoftwareHelper

Version:
1.0.0.0

MD5:
5ecd3c3b70b6b50f284dbaf6016b2ddf

SHA-1:
e6270511c9583ce735663791bc9b7f77779b0ef4

SHA-256:
a4aafbe39e651d9ca25f522f41b0407c9e6082110ff47b3912e7b344c6d39592

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
11/15/2024 9:20:58 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Adware | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.Eorezo | 2014.10.15 |
| Avira AntiVirus | Adware/EoRezo.J.2 | 7.11.178.60 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150129 |
| AVG | Generic4 | 2016.0.3215 |
| Clam AntiVirus | Win.Adware.Eorezo-84 | 0.98/21411 |
| ESET NOD32 | Win32/Adware.EoRezo (variant) | 9.10562 |
| G Data | Win32.Trojan.Agent.SZ2HLO | 15.1.24 |
| K7 AntiVirus | Adware | 13.183.13676 |
| Malwarebytes | Trojan.Eorezo | v2015.01.29.06 |
| McAfee | Adware-Eorezo | 5600.6871 |
| Microsoft Security Essentials | | 1.11005 |
| NANO AntiVirus | Trojan.Win32.EoRezo.baryav | 0.28.2.62671 |
| Quick Heal | AdWare.EoRezo.r5 (Not a Virus) | 1.15.14.00 |
| Reason Heuristics | PUP.Eorezo | 15.1.29.6 |
| Rising Antivirus | PE:Trojan.Win32.Generic.153F9B82!356490114 | 23.00.65.15127 |
| Sophos | SoftwareHelper | 4.98 |
| Trend Micro House Call | ADW_EOREZO | 7.2.29 |
| Trend Micro | ADW_EOREZO | 10.465.29 |
| VIPRE Antivirus | Adware.Eorezo.a | 33912 |

File size:
359.6 KB (368,224 bytes)

Product version:
1.0.0.0

Copyright:
(c) EoRezo. All rights reserved.

Original file name:
SoftwareUpdateHP.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\eorezo\softwareupdate\softwareupdatehp.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/14/2008 2:00:00 AM

Valid to:
10/15/2009 1:59:59 AM

Subject:
CN=Eorezo, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Eorezo, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5158654305438A3E707630D3BFDE7C69

File PE Metadata
Compilation timestamp:
12/9/2008 10:11:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:B6g4gSX7yaSkzxmInMe6X7Pf8t5tP1ozePCOOdwxXDuTcMqqDLu2EP8O:B6g67HmI/kf8t5tP2gywxzuWqnu2EP9

Entry address:
0x248EB

Entry point:
E8, 44, 88, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, BC, 88, 00, 00, 83, C4, 14, C3, 8B, 4C, 24, 04, 53, 33, DB, 3B, CB, 56, 57, 74, 08, 8B, 7C, 24, 14, 3B, FB, 77, 1B, E8, 8D, 09, 00, 00, 6A, 16, 5E, 89, 30, 53, 53, 53, 53, 53, E8, D2, 4C, 00, 00, 83, C4, 14, 8B, C6, EB, 31, 8B, 74, 24, 18, 3B, F3, 75, 04, 88, 19, EB, D9, 8B, D1, 8A, 06, 88, 02, 42, 46, 3A, C3, 74, 03, 4F, 75, F3, 3B, FB, 75, 10, 88, 19, E8, 51, 09, 00, 00, 6A, 22, 59, 89, 08...
 

Code size:
224 KB (229,376 bytes)
