home

武装突袭3五项修改器@13_145877.exe

下载器

Ruifeng Network Technology Co., Ltd.

The application 武装突袭3五项修改器@13_145877.exe by Ruifeng Network Technology Co. has been detected as adware by 26 anti-malware scanners. The file has been seen being downloaded from www.52z.com.
Publisher:
Ruifeng Network Technology Co., Ltd.  (signed and verified)

Product:
下载器

Version:
6.0.0.7

MD5:
5c2a3172c2298444eead8b62d055d2ff

SHA-1:
67203613be52bbe1e910156bd67ca102aec6b278

SHA-256:
71af3a8d1f332c9d5c0ee4a827981192e58ba3225f87b1c26e7f09a3cc8365ab

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
11/27/2024 2:35:38 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Qjwmonkey
7.1.1

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.04.02

Avira AntiVirus
APPL/Qjwmonkey.uzte
3.6.1.96

avast!
Win32:Adware-gen [Adw]
2014.9-150413

AVG
Generic6
2016.0.3140

Clam AntiVirus
Win.Adware.Qjwmonkey-13
0.98/21511

Comodo Security
Application.Win32.Qjwmonkey.ADH
21620

Dr.Web
Adware.Qjwmonkey.1
9.0.1.0103

ESET NOD32
Win32/Adware.Qjwmonkey (variant)
9.11415

Fortinet FortiGate
Riskware/BindEx
4/13/2015

F-Prot
W32/S-80af3038
v6.4.7.1.166

G Data
Win32.Trojan.Agent.J8L1NJ
15.4.25

herdProtect (fuzzy)
variant of ��žï¿½†ï¿½è¶³ï¿½-ƒ2012k�œ‚(kitserver12�œ€ï¿½–��‰ˆ)+@48_13931.exe (Adware)
2015.7.15.10

IKARUS anti.virus
PUA.Qjwmonkey
t3scan.1.8.9.0

K7 AntiVirus
DoS-Trojan
13.194.14927

Kaspersky
not-a-virus:Downloader.Win32.BindEx
14.0.0.2197

Malwarebytes
Adware.Qjwmonkey
v2015.04.13.01

McAfee
Artemis!5C2A3172C229
5600.6796

NANO AntiVirus
Riskware.Win32.Qjwmonkey.dnwfek
0.30.8.659

Panda Antivirus
Generic Suspicious
15.04.13.01

Reason Heuristics
PUP.RuifengNetworkTechnologyCo
15.4.24.0

Sophos
Ruifeng
4.98

Trend Micro House Call
Suspicious_GEN.F47V0203
7.2.103

Trend Micro
ADW_DOWNWARE
10.465.13

VIPRE Antivirus
Trojan.Win32.Generic
38718

Zillya! Antivirus
Adware.Qjwmonkey.Win32.1
2.0.0.2124

File size:
671.3 KB (687,360 bytes)

Product version:
6.0.0.7

Original file name:
下载器

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\????3?????@13_145877.exe

Digital Signature
Signed by:
Ruifeng Network Technology Co., Ltd.

Authority:
WoSign CA Limited

Valid from:
1/14/2015 5:05:07 PM

Valid to:
1/14/2016 5:05:07 PM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
1/27/2015 5:01:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:DAMsQnOhFIwZ1KUcZdKRlMVyRgjAzJGXCx3eK46yUOlo:DAMGkrZ8lniAFGyxfDyUOi

Entry address:
0x1530B

Entry point:
E8, 59, 87, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B0, 8C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 7A, 43, 00, 01, 0F, 82, 38, 89, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 
[+]

Entropy:
7.0597

Code size:
164.5 KB (168,448 bytes)

The file 武装突袭3五项修改器@13_145877.exe has been seen being distributed by the following URL.

http://www.52z.com/.../down?appid=13&id=145877

Remove 武装突袭3五项修改器@13_145877.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.