Reason Labs

e00e445e-04eb-40fa-8c19-5f42e9ab2ed5.tmp

The file e00e445e-04eb-40fa-8c19-5f42e9ab2ed5.tmp has been detected as PUP.Bundler.
MD5:
ad185260e11221335b3f97e1f722b001

SHA-1:
7b2d5839eff2c6291c8faaa972c532a8964428f5

SHA-256:
1d9545372e2951d3a9571a23b857ef4c13650a019f1338432403dcb5ebda8c26

Detection:
PUP.Bundler

Risk:
Medium

Explanation:
This is an installer that bundles unwanted offers.

Analysis date:
12/12/2018 11:20:07 AM UTC

File size:
37.4 MB (39,242,267 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\avira\launcher\temp\2713f7de-cd27-4f27-9600-63d735e386df\e00e445e-04eb-40fa-8c19-5f42e9ab2ed5.tmp

File PE Metadata
Compilation timestamp:
2/3/2016 11:38:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1E64B

Entry point:
E8, DF, 65, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 94, C8, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 94, C8, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 94, C8, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6A, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Entropy:
7.9995  (probably packed)

Characteristics:
0x259

Code size:
166 KB (169,984 bytes)

There are numerous known code variations that share the same compilation structure.

PUP.Bundler
andy android @zonagamers.exe  (11f5c5fc7fc13d4796aefb0b5976277befd62888)

Threat.Generic.Variant
wrar531.exe  (df6bc9cf94f64c04725f9b8ad7a41584dd363dc9)

PUP.Bundler
cf2c4cf3-2a6e-4130-9c0e-2e415556cd31.tmp  (94274688fc4d35feb2ea46cb578b359358cf7407)

PUP.Bundler
minecraft shaders & optifine 1.7.2.exe  (ba0a50422db43c7c2eecc371dd6a23c7a13f526a)

Threat.Generic.Variant
autocad_architecture_2017_english_win_32_64bit_wi_en-us_setup.exe  (8f558b7cb3dc4771eb6f80a1c63b7a6e7273243a)

Threat.Generic.Variant
wrar531.exe  (4c32728dcab2fb6e0ed6ca6eebe978be2f59dbd4)

Threat.Generic.Variant
wrar531.exe  (e10feb2bdbe79a229233e2bf9bf50106c72107e6)

Threat.Generic.Variant
wrar531.exe  (6a3bb7b0b82b7f0387a65538f5f1aab2231e8d68)

PUP.Bundler
e17aq0om.exe  (0a523dd21012d8d27d2b7e59ff0fe950ee136464)

Threat.Generic.Variant
wrar531.exe  (70d9abf4b329bf95a18e49f57cd886dba362fd16)

PUP.Bundler
wispow freepiano.exe  (7f5001e73d2b7c4c161abe83840680228fc20343)

Threat.Generic.Variant
wrar531.exe  (68c64d11db774e82e1ffc60a4228b1e5fc794bbd)

PUP.Bundler
لم يتم تأكيده 813766.crdownload  (e23f4d098a3413ead00730845dde8555979e6928)

Threat.Generic.Variant
wrar531.exe  (823dc0d2f4f653453e5f6f90a007e96c7db8bdce)

PUP.Bundler
avira_antivirus_154de-de.exe  (9f752737212a390ae02b071d835f7e728fa8e221)
