0e675466b8afe2bde6469bd0e5707483.exe

3447_obw_istartsurf

Fuyuan Zhou

The application 0e675466b8afe2bde6469bd0e5707483.exe by Fuyuan Zhou has been detected as adware by 39 anti-malware scanners.
Publisher:
HTabp.com  (signed by Fuyuan Zhou)

Product:
3447_obw_istartsurf

Description:
HTabp

Version:
6.6.86.1606

MD5:
0e675466b8afe2bde6469bd0e5707483

SHA-1:
6c548117e616e88e5aba9a3ed5130232d7c56145

SHA-256:
77e3d6419e2f009a84fdaa351142191903cf1b9dc7bad35be2c9e9a9e6b4f619

Scanner detections:
39 / 68

Status:
Adware

Analysis date:
12/25/2024 2:05:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.SlugIn.A | 536 |
| Agnitum Outpost | Win32.Slugin.A | 7.1.1 |
| AhnLab V3 Security | Win32/Slugin | 2015.05.29 |
| Avira AntiVirus | W32/Slugin.A | 8.3.1.6 |
| avast! | Win32:Patched-HO [Trj] | 2014.9-150817 |
| AVG | Win32/Slugin.A | 2016.0.3014 |
| Baidu Antivirus | Virus.Win32.Patched.$dj | 4.0.3.15817 |
| Bitdefender | Win32.SlugIn.A | 1.0.20.1145 |
| Bkav FE | W32.OlayFara.PE | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.Patched.Q | 22262 |
| Dr.Web | Win32.Wplugin.2 | 9.0.1.0229 |
| Emsisoft Anti-Malware | Win32.SlugIn | 8.15.08.17.01 |
| ESET NOD32 | Win32/Slugin | 9.11702 |
| Fortinet FortiGate | W32/Wplug.A | 8/17/2015 |
| F-Prot | W32/Slugin.B | v6.4.7.1.166 |
| F-Secure | Win32.SlugIn.A | 11.2015-17-08_2 |
| G Data | Win32.SlugIn | 15.8.25 |
| IKARUS anti.virus | Virus.Win32.Slugin | t3scan.1.9.2.0 |
| K7 AntiVirus | Trojan | 13.204.16065 |
| Kaspersky | Virus.Win32.Slugin | 14.0.0.1567 |
| Malwarebytes | PUP.Optional.IStartSurf.A | v2015.08.17.01 |
| McAfee | W32/Wplugin | 5600.6670 |
| Microsoft Security Essentials | Virus:Win32/Slugin.A | 1.1.11701.0 |
| MicroWorld eScan | Win32.SlugIn.A | 16.0.0.687 |
| NANO AntiVirus | Virus.Win32.Slugin.ddowbn | 0.30.24.1636 |
| Norman | Agent.VDAZ | 11.20150817 |
| nProtect | Win32.SlugIn.A | 15.05.28.01 |
| Panda Antivirus | Generic Malware | 15.08.17.01 |
| Quick Heal | W32.Slugin.A | 8.15.14.00 |
| Reason Heuristics | PUP.FuyuanZhou (M) | 15.8.17.13 |
| Rising Antivirus | PE:Win32.Agent.ey!1474842 | 23.00.65.15815 |
| Sophos | W32/Slugin-A | 4.98 |
| Total Defense | Win32/Slugin.A | 37.1.62.1 |
| Trend Micro House Call | PE_WPLUG.A | 7.2.229 |
| Trend Micro | PE_WPLUG.A | 10.465.17 |
| Vba32 AntiVirus | Trojan.Patched.dj | 3.12.26.4 |
| VIPRE Antivirus | Virus.Win32.Slugin.a | 40644 |
| ViRobot | Win32.Patched.N[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Slugin.Win32.1 | 2.0.0.2193 |

File size:
1.2 MB (1,233,454 bytes)

Product version:
6.6.86.1606

Copyright:
Copyright (C) HTabp.com 2010

Original file name:
HTabp.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 8:00:00 AM

Valid to:
1/20/2016 8:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08CA606335C89594E0B8D9706948A708

File PE Metadata
Compilation timestamp:
3/31/2015 3:45:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:1Ngv8uRJnBO1qpXEfylRTmqkBkBkBkBkBkw:/gUuRJ/pjjTmqEEEEE1

Entry address:
0x29EB7

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 77, 01, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 77, 01, 89, 45, 00, 8B, 83, B3, 4B, 77, 01, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 77, 01, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 77, 01, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 77, 01, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 

Entropy:
6.4719

Packer / compiler:
ASPack v1.08.04

Code size:
468.5 KB (479,744 bytes)
