01c0492e83c788997e8f3484067b3028.exe

3447_obw_istartsurf

Fuyuan Zhou

The application 01c0492e83c788997e8f3484067b3028.exe by Fuyuan Zhou has been detected as adware by 39 anti-malware scanners.
Publisher:
HTabp.com  (signed by Fuyuan Zhou)

Product:
3447_obw_istartsurf

Description:
HTabp

Version:
6.6.86.1606

MD5:
01c0492e83c788997e8f3484067b3028

SHA-1:
d3297d8e4f1f9ada7562edbd4d2acf67ddb0ffc6

SHA-256:
77417c88860aa84198d1a9548a960d6cb2a3cf8849e19fdd2b4e5d008bf242be

Scanner detections:
39 / 68

Status:
Adware

Analysis date:
12/25/2024 2:28:59 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.SlugIn.A | 539
Agnitum Outpost | Win32.Slugin.A | 7.1.1
AhnLab V3 Security | Win32/Slugin | 2015.05.28
Avira AntiVirus | W32/Slugin.A | 8.3.1.6
avast! | Win32:Patched-HO [Trj] | 2014.9-150814
AVG | Win32/Slugin.A | 2016.0.3017
Baidu Antivirus | Virus.Win32.Patched.$dj | 4.0.3.15814
Bitdefender | Win32.SlugIn.A | 1.0.20.1130
Bkav FE | W32.OlayFara.PE | 1.3.0.6379
Comodo Security | TrojWare.Win32.Patched.Q | 22250
Dr.Web | Win32.Wplugin.2 | 9.0.1.0226
Emsisoft Anti-Malware | Win32.SlugIn | 8.15.08.14.10
ESET NOD32 | Win32/Slugin | 9.11694
Fortinet FortiGate | W32/Wplug.A | 8/14/2015
F-Prot | W32/Slugin.B | v6.4.7.1.166
F-Secure | Win32.SlugIn.A | 11.2015-14-08_6
G Data | Win32.SlugIn | 15.8.25
IKARUS anti.virus | Virus.Win32.Slugin | t3scan.1.9.2.0
K7 AntiVirus | Trojan | 13.204.16048
Kaspersky | Virus.Win32.Slugin | 14.0.0.1580
Malwarebytes | PUP.Optional.IStartSurf.A | v2015.08.14.10
McAfee | W32/Wplugin | 5600.6673
Microsoft Security Essentials | Virus:Win32/Slugin.A | 1.1.11701.0
MicroWorld eScan | Win32.SlugIn.A | 16.0.0.678
NANO AntiVirus | Virus.Win32.Slugin.ddowbn | 0.30.24.1636
Norman | Agent.VDAZ | 11.20150814
nProtect | Win32.SlugIn.A | 15.05.27.01
Panda Antivirus | Generic Malware | 15.08.14.10
Quick Heal | W32.Slugin.A | 8.15.14.00
Reason Heuristics | PUP.FuyuanZhou (M) | 15.8.14.22
Rising Antivirus | PE:Win32.Agent.ey!1474842 | 23.00.65.15812
Sophos | W32/Slugin-A | 4.98
Total Defense | Win32/Slugin.A | 37.1.62.1
Trend Micro House Call | PE_WPLUG.A | 7.2.226
Trend Micro | PE_WPLUG.A | 10.465.14
Vba32 AntiVirus | Trojan.Patched.dj | 3.12.26.4
VIPRE Antivirus | Virus.Win32.Slugin.a | 40600
ViRobot | Win32.Patched.N[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Slugin.Win32.1 | 2.0.0.2191

File size:
930.7 KB (952,993 bytes)

Product version:
6.6.86.1606

Copyright:
Copyright (C) HTabp.com 2010

Original file name:
HTabp.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 8:00:00 AM

Valid to:
1/20/2016 8:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08CA606335C89594E0B8D9706948A708

File PE Metadata
Compilation timestamp:
3/31/2015 3:45:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:g/NAXBvXKouRKH2n+tm1h/a14HpXrr8fywqVXTm2o4zkI4zkI4zkM:mNgvZuRJnBO1qpXEfylRTmqkBkBkM

Entry address:
0x29EB7

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 77, 01, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 77, 01, 89, 45, 00, 8B, 83, B3, 4B, 77, 01, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 77, 01, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 77, 01, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 77, 01, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 

Entropy:
6.4630

Packer / compiler:
ASPack v1.08.04

Code size:
468.5 KB (479,744 bytes)
