3396_corna_do-search.exe.rename

3396_corna_do-search

Li Mo

The file 3396_corna_do-search.exe.rename by Li Mo has been detected as adware by 15 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
Spy union  (signed by Li Mo)

Product:
3396_corna_do-search

Description:
Spy union

Version:
6.4.7603.1012

MD5:
83beaa39d0db954793988396914d193e

SHA-1:
de579f7f86b2d4ade12f68d39ffbd122cc1b9d80

SHA-256:
69e11fd3df2bf2ce2607c02980e8613646dc9f3ebc233ca1fb29809a9d6c55cf

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 12:43:17 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Elex.1 | 604 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.05.19 |
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.15610 |
| Bitdefender | Gen:Application.Elex.1 | 1.0.20.805 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| ESET NOD32 | Win32/LiMo.C potentially unwanted (variant) | 9.11646 |
| F-Secure | Gen:Application.Elex.1 | 11.2015-10-06_4 |
| G Data | Gen:Application.Elex | 15.6.25 |
| Malwarebytes | PUP.Optional.DoSearch.A | v2015.06.10.03 |
| McAfee | Artemis!83BEAA39D0DB | 5600.6738 |
| MicroWorld eScan | Gen:Application.Elex.1 | 16.0.0.483 |
| Reason Heuristics | PUP.Liyan Liu.LiMo | 15.6.10.15 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40350 |

File size:
396.4 KB (405,880 bytes)

Product version:
6.4.7603.1012

Copyright:
Spy union

Original file name:
ComEntCount.exe

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3396_corna_do-search.exe.rename

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/4/2014 3:00:00 AM

Valid to:
8/12/2015 3:00:00 PM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0226284B6EE43FB2E43A2888B7D5BA02

File PE Metadata
Compilation timestamp:
3/27/2015 11:15:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:52B9yUBwHbFvORmB3VJ14vFpS4J19oTmf:52B9yUS79OMBRcpbJ192mf

Entry address:
0x2D4E6

Entry point:
E8, 00, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 38, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 

Entropy:
6.5493

Code size:
278 KB (284,672 bytes)
