2sq_oursurfing.exe

4965_2sq_oursurfing

Giner Tech Inc

The application 2sq_oursurfing.exe by Giner Tech Inc has been detected as adware by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Giner Tech Inc  (signed and verified)

Product:
4965_2sq_oursurfing

Description:
Installer Module

Version:
1.0.0.2

MD5:
6023faa19f41c09f023a262b7e7644f8

SHA-1:
ec8590915e9aa382865bc747bc2af8cd8f0361c5

SHA-256:
dc29c1a34f044290043078d9a9e1c4d3afd04622a70833286cffd51f69e5ce25

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/25/2024 8:00:24 PM UTC

Scan engine          Detection                                        Engine version
Dr.Web               Adware.Mutabaha.802                              9.0.1.0297
ESET NOD32           Win32/ELEX.FK potentially unwanted (variant)     9.12442
F-Secure             Gen:Variant.Application.Jatif                    11.2015-24-10_7
Malwarebytes         PUP.Optional.IStartSurf.ShrtCln                  v2015.10.24.04
Reason Heuristics    PUP.Thinknice.GinerTech.Installer (M)            15.10.21.1
VIPRE Antivirus      Trojan.Win32.Generic                             44710

File size:
538.6 KB (551,560 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\2sq_oursurfing.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/19/2015 5:31:10 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112106B3EDF5DE21FE5DD0E0F44EB00F51DB

File PE Metadata
Compilation timestamp:
10/15/2015 7:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:BOadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrn3:tEwgWCOEuvFM4+saDvXN9iR3

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Code size:
346.5 KB (354,816 bytes)

The file 2sq_oursurfing.exe has been seen being distributed by the following URL.
