扑克牌特效展示@177_64996.exe

downloader

Hefei Lewei Information Technology Co.,Ltd.

The application 扑克牌特效展示@177_64996.exe (the filename translates to "playing card special effects demo") by Hefei Lewei Information Technology Co.,Ltd. has been flagged as a potentially unwanted program by 13 of 68 anti-malware scanners. Most detections are generic bundler signatures (Gen:Variant.Application.Bundler.84); several engines name the Qjwmonkey adware family. The program installs additional, potentially unwanted software alongside the software you intended to install, without adequate consent. The file has been seen downloaded from url.tudown.com and other hosts. It is signed with a code-signing certificate issued by WoSign (valid 10/29/2015 to 10/29/2016, which covers the 6/13/2016 compilation timestamp). A signature, even a valid one, only ties the binary to the publisher's signing key and says nothing about whether the software is wanted; WoSign itself was distrusted by major browser vendors in 2016 after misissuance findings.
Publisher:
Hefei Lewei Information Technology Co.,Ltd.

Product:
downloader

Version:
1.0.2.3

MD5:
a50cefc83739a0b57c4251351be37895

SHA-1:
15c58f4e51a509b90b18c1adf334cb264091020c

SHA-256:
b0ec8a13ebb49b63381be54e6ca1bee7366ff1fced80b24969e0da0cfbfbe623

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 8:06:19 PM UTC

Scan engine              Detection                               Engine version
Lavasoft Ad-Aware        Gen:Variant.Application.Bundler.84      235
AegisLab AV Signature    Gen.Variant.Application!c               2.1.4+
Arcabit                  Trojan.Application.Bundler.84           1.0.0.696
Baidu Antivirus          Win32.Adware.Qjwmonkey                  4.0.3.16614
Bitdefender              Gen:Variant.Application.Bundler.84      1.0.20.830
Bkav FE                  W32.HfsAdware                           1.3.0.8085
Dr.Web                   Adware.Qjwmonkey.79                     9.0.1.0166
ESET NOD32               Win32/Adware.Qjwmonkey (variant)        10.13639
F-Secure                 Gen:Variant.Application.Bundler         11.2016-14-06_3
G Data                   Gen:Variant.Application.Bundler.84      16.6.25
IKARUS anti.virus        PUA.Qjwmonkey                           t3scan.2.0.9.0
MicroWorld eScan         Gen:Variant.Application.Bundler.84      17.0.0.498
Sophos                   QjMonkey (PUA)                          4.98

File size:
835 KB (855,024 bytes)

Product version:
1.0.2.3

Original file name:
downloader

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\扑克牌特效展示@177_64996.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/29/2015 2:17:37 PM

Valid to:
10/29/2016 2:17:37 PM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
6/13/2016 2:59:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:nwtXWFkgcgFRQBWMY427qFCIWXVNznKBRBq8BZhrnkNUNTgd384:4XqFRYup7Qg9nKBRBLtrnkNUpgd38

Entry address:
0x2CFBD

Entry point:
E8, 57, AF, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9D, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, E9, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, 93, B0, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0A, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F...

Entropy:
7.0648

Code size:
362.5 KB (371,200 bytes)
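The PE metadata above is read straight from the file's headers, so the same fields can be recovered offline from any sample and compared against the report before it is trusted. The following Python script is an added example for this page, not code from the report or from the publisher: it parses the COFF and optional headers (compile timestamp, linker and OS versions, subsystem, entry RVA, SizeOfCode) and computes Shannon entropy, the measure behind the 7.0648 figure. It runs against a constructed minimal PE32 image (build_sample_pe) whose header fields were set to the report's values; that image is not the analysed binary, and the mapping of the report's "Code size" to the optional header's SizeOfCode field is an assumption.

```python
"""Recover the report's PE metadata fields from raw headers and score entropy.

Added example, standard library only. SAMPLE data is constructed to mirror the
report's header values; it is not the analysed binary.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI"}
MACHINES = {0x14C: "Win32 (x86)", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_verdict(bits_per_byte: float) -> str:
    """Common triage heuristic; whole-file entropy above ~7 usually means packing."""
    if bits_per_byte >= 7.0:
        return "high: packed or compressed payload likely"
    if bits_per_byte >= 6.0:
        return "moderate: mixed code and data"
    return "low: mostly plain code and data"


def parse_pe(data: bytes) -> dict:
    """Parse the COFF header and the optional header of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, major_linker, minor_linker, size_of_code = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # PE32 and PE32+ differ only between BaseOfData and SectionAlignment, so the
    # OS version (offset 40) and Subsystem (offset 68) sit at the same place in both.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compiled = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "bitness": "PE32+" if magic == 0x20B else "PE32",
        "sections": nsections,
        "compile_time_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{major_linker}.{minor_linker}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": f"0x{entry_rva:X}",
        "size_of_code": size_of_code,
        "entropy": round(shannon_entropy(data), 4),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image; header values copied from the report (assumed mapping)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = int(datetime(2016, 6, 13, 14, 59, 15, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 12, 0, 371200)  # PE32, linker 12.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x2CFBD)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                   # OS version 5.1 (Windows XP)
    struct.pack_into("<H", opt, 68, 2)                       # Subsystem 2 = Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key:>17}: {value}")
    print(f"{'report entropy':>17}: 7.0648 -> {entropy_verdict(7.0648)}")
```

To check a real sample, call parse_pe(open(path, "rb").read()) and compare the output with the block above. Whole-file entropy above roughly 7 bits per byte, as reported here, normally means the body is packed or compressed, so static string and signature matching on the file as it sits on disk tends to miss; matching the MD5/SHA-1/SHA-256 and ssdeep values from this report is the more reliable first check.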

The file 扑克牌特效展示@177_64996.exe has been seen distributed from the following URLs (the report records 7; 5 are shown). The same file is served under several unrelated display names, and its internal original file name is the generic "downloader", so blocking or hunting should key on the hashes or the ssdeep digest above rather than on the filename.

http://url.tudown.com/.../Windows@34_147488.exe

http://url.tudown.com/.../Cheat@34_151915.exe

http://count.tudown.com/Download.asp?ID=47330&t=s0&sid=49220

http://url.tudown.com/.../NTLEA - NT Locale Emulator Advance@55_46458.exe

http://url.tudown.com/.../?????????2015@153_7511.exe

Powered by Reason Core Security