0agrj1.exe

2691_obw_omniboxes

Fuyuan Zhou

The application 0agrj1.exe by Fuyuan Zhou has been detected as adware by 5 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from 113.171.224.166 and multiple other hosts.
Publisher:
TabMain  (signed by Fuyuan Zhou)

Product:
2691_obw_omniboxes

Description:
TabMain

Version:
6.3.76.1526

MD5:
c7e9d79dc366517fbdf3dc3f25583351

SHA-1:
9cffa445d314ae020e704ff2af058d6a2facb419

SHA-256:
d06b2cbbe2f4d7bba1c95c20af1657e9f079c40d2066b2ac4553e13717ac2b6e

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/24/2024 6:40:04 PM UTC

Scan engine       | Detection                                        | Engine version
Dr.Web            | Adware.Mutabaha.220                              | 9.0.1.0157
ESET NOD32        | Win32/ELEX.CF potentially unwanted application   | 9.7.0.302.0
Malwarebytes      | PUP.Optional.MyStartSearch.A                     | v2015.06.06.01
Reason Heuristics | PUP.FuyuanZhou                                   | 15.2.15.8
Sophos            | PUA 'Elex' (of type Adware)                      | 5.14

File size:
519.6 KB (532,064 bytes)

Product version:
6.3.76.1526

Copyright:
Copyright (C) 2014

Original file name:
TMain.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\0agrj1.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B378A1487E66949A44C8CAE23820481

File PE Metadata
Compilation timestamp:
2/13/2015 2:45:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:OQ1TFjFLx7Kd/NBer9zXtGBUt9w8Lmto642TdKhz:OgpLx7ueZz9GBN8Lqo6PTdKhz

Entry address:
0x2A8CE

Entry point:
E8, E1, C7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 70, A5, 45, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 34, A1, 45, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05...

Code size:
355.5 KB (364,032 bytes)

The file 0agrj1.exe has been seen being distributed by the following 3 URLs.

http://113.171.224.166/.../obw_omniboxes.exe
