(

Downloader

Ruifeng Network Technology Co., Ltd.

The file ( by Ruifeng Network Technology Co. has been detected as adware by 23 anti-malware scanners.
Publisher:
Ruifeng Network Technology Co., Ltd.  (signed and verified)

Product:
Downloader

Version:
6.0.3.9

MD5:
fcc07588c49bceb0f81f546dfe197bf7

SHA-1:
9ae8d96b82639b1b3a96fab7b259965f7373e2ca

SHA-256:
4ccbf9fc3eafd587d90e65124b71fbaa16c017a941a8cb7c2875b0d410088c06

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/24/2024 3:45:30 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.1231378
673

Agnitum Outpost
PUA.Qjwmonkey
7.1.1

Avira AntiVirus
ADWARE/Qjwmonkey.691456
3.6.1.96

avast!
Win32:Adware-gen [Adw]
2014.9-150415

AVG
Generic6
2016.0.3139

Bitdefender
Application.Generic.1231378
1.0.20.465

Comodo Security
Application.Win32.Qjwmonkey.ADH
21620

Dr.Web
Adware.Qjwmonkey.7
9.0.1.0105

Emsisoft Anti-Malware
Adware.Agent.PLH
8.15.04.15.03

ESET NOD32
Win32/Adware.Qjwmonkey (variant)
9.11419

Fortinet FortiGate
Riskware/Qjwmonkey
4/3/2015

F-Secure
Adware.Agent.PLH
11.2015-15-04_4

G Data
Adware.Agent.PLH
15.4.25

herdProtect (fuzzy)
2015.7.7.22

IKARUS anti.virus
PUA.Qjwmonkey
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.202.15470

Malwarebytes
PUP.Optional.Chad
v2015.04.15.03

McAfee
Artemis!91289404FFA8
5600.6711

MicroWorld eScan
Adware.Agent.PLH
16.0.0.315

Reason Heuristics
PUP.RuifengNetworkTechnologyCo
15.4.24.0

Sophos
Ruifeng
4.98

Trend Micro House Call
Suspicious_GEN.F47V0401
7.2.188

VIPRE Antivirus
Adware Trojan.Win32.Generic
38838

File size:
675.3 KB (691,456 bytes)

Product version:
6.0.3.9

Original file name:
Downloader

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\ (

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/14/2015 11:05:07 AM

Valid to:
1/14/2016 11:05:07 AM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
3/28/2015 3:42:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:2zAhsY9teZqEmqSHPr6h4jAzJGXCx3eK4jy1aHt:2k3yZpmdHPc6AFGyxf6y1aN

Entry address:
0x156EB

Entry point:
E8, C9, 92, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B8, 9C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 8A, 43, 00, 01, 0F, 82, A8, 94, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...

Code size:
168.5 KB (172,544 bytes)
