0pljatvnq1.exe

4914_2sq_oursurfing

Thinknice Co., Limited

The application 0pljatvnq1.exe by Thinknice Co., Limited has been detected as adware by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Thinknice Co., Limited  (signed and verified)

Product:
4914_2sq_oursurfing

Description:
Installer Module

Version:
1, 0, 0, 1

MD5:
8fb5f57bc1868131899efa3c362bba4e

SHA-1:
29f088b80f6eaf60565fbf03676ee1feaab66637

SHA-256:
037dd32a050ec10cd2aca8a354b7c90b9f1b97ab23b64bb2a91a35f13b65bcd5

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/27/2024 4:52:58 AM UTC

Scan engine        Detection                                 Engine version
avast!             Win32:Oncer                               2014.9-151007
Dr.Web             Win32.Runonce.6652                        9.0.1.0280
F-Prot             W32/Thecid.B@mm                           v6.4.6.5.141
Malwarebytes       PUP.Optional.OurSeaching                  v2015.10.07.09
Reason Heuristics  PUP.Thinknice.ThinkniceCo.Installer (M)   15.9.29.23
VIPRE Antivirus    Threat.219451                             43798

File size:
536.1 KB (548,984 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\0pljatvnq1.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 6:18:26 AM

Valid to:
10/21/2015 5:26:52 AM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112170C8A859FAC5632237A13A696FA39819

File PE Metadata
Compilation timestamp:
9/11/2015 6:27:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:wTwsAln1giCPA6W8XHFlrZtTVq2QBOiVuAC91hrrrrIy:MDbPW+pZtYlBOigAC91Wy

Entry address:
0x2E557

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Code size:
344 KB (352,256 bytes)
