夫妻成长日记下载@2119_1005710.exe

Downloader

Shanghai Yishen Network Technology Co., Ltd.

The application 夫妻成长日记下载@2119_1005710.exe by Shanghai Yishen Network Technology Co. has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketing software, without adequate consent. The program is typically installed via a form of malvertising The file has been seen being downloaded from down.xiazai2.net and multiple other hosts.
Publisher:

Product:
Downloader

Version:
6.0.0.1

MD5:
76c7528e4ba50c392aa7811f0744886a

SHA-1:
d2138e3b02c9709b2ea7d9406370a0dcb0f25209

SHA-256:
64c86da176691f43bcf6a9e1c6a3456e92ef8e3fc4acd98c691362d2bca7bafe

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:15:29 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.34324
269

AhnLab V3 Security
PUP/Win32.Downloader
2016.05.11

Avira AntiVirus
TR/Taranis.2828
8.3.3.4

Arcabit
Trojan.Mikey.D8614
1.0.0.672

avast!
Win32:Adware-gen [Adw]
2014.9-160511

AVG
Generic
2017.0.2747

Bitdefender
Gen:Variant.Mikey.34324
1.0.20.660

Bkav FE
W32.HfsAdware
1.3.0.7717

Dr.Web
Trojan.Winlock.12776
9.0.1.0132

Emsisoft Anti-Malware
Gen:Variant.Mikey.34324
8.16.05.11.03

ESET NOD32
Win32/Packed.NSISmod.O suspicious (variant)
10.13469

F-Prot
W32/Trojan.KV.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Mikey.34324
11.2016-11-05_4

G Data
Gen:Variant.Mikey.34324
16.5.25

IKARUS anti.virus
Trojan.Taranis
t3scan.2.0.9.0

Malwarebytes
PUP.Optional.ChinAd
v2016.05.11.03

Microsoft Security Essentials
SoftwareBundler:Win32/Xiazai
1.1.12706.0

MicroWorld eScan
Gen:Variant.Mikey.34324
17.0.0.396

Panda Antivirus
Trj/Genetic.gen
16.05.11.03

Rising Antivirus
Malware.Undefined!8.C-fJFbZTA7Q2O (Cloud)
23.00.65.16509

Sophos
Xiazai (PUA)
4.98

SUPERAntiSpyware
PUP.ChinAd/Variant
9151

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
49290

Zillya! Antivirus
Downloader.XiazaiCRTD.Win32.217
2.0.0.2855

File size:
282.3 KB (289,032 bytes)

Product version:
6.0.0.1

Original file name:
Downloader

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\夫妻成长日记下载@2119_1005710.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/4/2015 5:27:27 PM

Valid to:
11/4/2016 5:27:27 PM

Subject:
CN="Shanghai Yishen Network Technology Co., Ltd.", O="Shanghai Yishen Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
62B00AF7B42A239D1C1409007FAEFFB5

File PE Metadata
Compilation timestamp:
3/29/2016 11:48:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:lxaodvYSI78/kJ0z3oGeJudrmlopP4hc1HGr+YzM:lrdv37v3G8olwPoc1HvgM

Entry address:
0x3301

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 1C, C7, 44, 24, 14, 10, 74, 40, 00, 33, F6, C6, 44, 24, 18, 20, FF, 15, 98, 70, 40, 00, FF, 15, 9C, 70, 40, 00, 66, 83, F8, 06, 74, 11, 53, E8, A8, 27, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 68, 08, 74, 40, 00, E8, 29, 27, 00, 00, 68, 00, 74, 40, 00, E8, 1F, 27, 00, 00, 68, F4, 73, 40, 00, E8, 15, 27, 00, 00, 6A, 0D, E8, 78, 27, 00, 00, 6A, 0B, E8, 71, 27, 00, 00, A3, 00, 3C, 42, 00, FF, 15, 30, 70, 40, 00, 53, FF...
 
[+]

Entropy:
7.7505

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file 夫妻成长日记下载@2119_1005710.exe has been seen being distributed by the following 8 URLs.

http://down.xiazai2.net/?/2223/.../WinRAR(64bit).exe

http://down.dxias.com/cx/12/.../AdobeFlashPlayer@19_149406.exe

http://down.xiazai2.net/?/49894/.../??????????? 1.3 ????????|?????????????????????.exe

http://xiazai.zol.com.cn/down.php?softid=105598&subcateid=53&site=10&checkStr=e6b089c7d64880b83&pos=downloader_main&rand=e45a1b

Remove 夫妻成长日记下载@2119_1005710.exe - Powered by Reason Core Security