home

0qfdcmepqtg==1.exe

4130_obw_istartsurf

Fuyuan Zhou

The application 0qfdcmepqtg==1.exe by Fuyuan Zhou has been detected as adware by 14 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Synergy (32-bit)  (signed by Fuyuan Zhou)

Product:
4130_obw_istartsurf

Description:
Synergy (32-bit)

Version:
6.3.7700.1011

MD5:
6148ba93488636f8a9f1e8e1b42a29ea

SHA-1:
487e4db244ec05460856805826c2ac54a43d0712

SHA-256:
2e6765964272b5a805b581e8a0606f08941326a81ca86dfd563e1a22beccfb7d

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/23/2024 7:23:18 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Elex.1
567

Arcabit
Application.Elex.1
1.0.0.425

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.15717

Bitdefender
Gen:Application.Elex.1
1.0.20.990

Dr.Web
Adware.Mutabaha.573
9.0.1.0198

ESET NOD32
Win32/ELEX.EC potentially unwanted (variant)
9.11956

F-Secure
Gen:Application.Elex.1
11.2015-17-07_6

G Data
Gen:Application.Elex
15.7.25

K7 AntiVirus
Adware
13.207.16601

Malwarebytes
PUP.Optional.IStartSurf.A
v2015.07.17.07

MicroWorld eScan
Gen:Application.Elex.1
16.0.0.594

Panda Antivirus
Trj/Genetic.gen
15.07.17.07

Reason Heuristics
PUP.FuyuanZhou (M)
15.7.17.19

SUPERAntiSpyware
PUP.MyStartSearch/Variant
9747

File size:
406.1 KB (415,840 bytes)

Product version:
6.3.7700.1011

Copyright:
Synergy (32-bit) 2015

Original file name:
Synergy.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\0qfdcmepqtg==1.exe

Digital Signature
Signed by:
Fuyuan Zhou

Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05BF5E9600D59EE9CB02166FF1F03A70

File PE Metadata
Compilation timestamp:
6/10/2015 10:25:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Y6xoSLel0vhUG3+80LQ5OGcAejXQSVGb9h9hnYXxfLB:Y6uY40vhd+HLgtnYXxl

Entry address:
0x38610

Entry point:
E8, EC, D4, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 9C, 4D, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, 08, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 9C, 4D, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00...
 
[+]

Code size:
323 KB (330,752 bytes)

The file 0qfdcmepqtg==1.exe has been seen being distributed by the following URL.

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe

Remove 0qfdcmepqtg==1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.