超级兔子2013 2.0.0.3_3@2636.exe

downer for windows

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

The application 超级兔子2013 2.0.0.3_3@2636.exe by Riyue Tongxing Information Technology (Beijing) Co.,Ltd has been detected as a potentially unwanted program by 14 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from c5.72zx.com and multiple other hosts.
Product:
downer for windows

Version:
1.3.1.14

MD5:
c80758fbf3932987ecb195198a00c884

SHA-1:
797e719f0f1f50dc4edeba1385d5404d5c39a6b7

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:44:20 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Adware.W32.Agent!c
2.1.4+

Avira AntiVirus
TR/Dldr.Banload.rxdk
8.3.3.4

avast!
Win32:Malware-gen
2014.9-160409

AVG
Generic
2017.0.2779

Dr.Web
Adware.Downware.14102
9.0.1.0100

ESET NOD32
Win32/Gaofenquming.B potentially unwanted (variant)
10.13301

G Data
Win32.Application.RiyueDowner
16.4.25

IKARUS anti.virus
PUA.Gaofenquming
t3scan.2.0.9.0

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.389

Panda Antivirus
Generic Suspicious
16.04.09.05

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16407

Sophos
Generic PUA HJ (PUA)
4.98

Vba32 AntiVirus
AdWare.Agent
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
48470

File size:
2.6 MB (2,746,704 bytes)

Product version:
1.3.1.14

Copyright:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Original file name:
downer

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\超级兔子2013 2.0.0.3_3@2636.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/2/2015 4:43:59 PM

Valid to:
11/2/2016 4:43:59 PM

Subject:
CN="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", O="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", STREET="B801A,8F,Block B,S&T Fortune Center,No.8,Xueqing Road,Haidian District", PostalCode=100083, L=Beijing, S=Beijing, C=CN, SERIALNUMBER=110108011321704, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Beijing, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN

Issuer:
CN=WoSign EV Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
52DC4C31F7609AF339EF3228BD510B83

File PE Metadata
Compilation timestamp:
2/16/2016 9:42:14 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:9PYp9E+NnloEKQQHY0GIiThUmN1fB4SHUm4EXqLDd1dX:lYfloEhv1hbDUmn6/d1dX

Entry address:
0x794800

Entry point:
60, BE, 00, 00, 90, 00, 8D, BE, 00, 10, B0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Entropy:
7.9087

Packer / compiler:
UPX 2.90LZMA

Code size:
2.6 MB (2,707,456 bytes)

The file 超级兔子2013 2.0.0.3_3@2636.exe has been seen being distributed by the following 9 URLs.

http://c5.72zx.com/download/.../ENGINEER Wildfire)_18@25697.exe

http://tga.pcgames.com.cn/adpuba/click?adid=377245&id=pcgames.xiazai.feishouye.zbanner.&__uuid=3022&url=http://ftp16-dg.pcgames.com.cn/pub/download/ftpdown/gamepack/gameapp/downer_20/.../downer_20.exe

http://ftp16-dg.pcgames.com.cn/pub/download/ftpdown/gamepack/gameapp/downer_20/.../downer_20.exe

Remove 超级兔子2013 2.0.0.3_3@2636.exe - Powered by Reason Core Security