风越文件批量改名器@34_130941.exe

downloader

Hefei Lewei Information Technology Co.,Ltd.

The application 风越文件批量改名器@34_130941.exe by Hefei Lewei Information Technology Co., Ltd. has been detected as a potentially unwanted program by 27 of 68 anti-malware scanners. This program installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from url.tudown.com.
Publisher:
Hefei Lewei Information Technology Co.,Ltd.

Product:
downloader

Version:
1.0.2.2

MD5:
d646213298b3f7920b3e6e8e1a7cf160

SHA-1:
69ca2add8482daa4d6cd6ed72bc7ab785c11b024

SHA-256:
7c685812988f74aead760e7fc4e0820b0288894d4e9b11efea42e63fa4f7d07b

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:23:12 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.84 | 219
AegisLab AV Signature | Adware.W32.Tpyn!c | 2.1.4+
AhnLab V3 Security | PUP/Win32.Downloader | 2016.05.28
Avira AntiVirus | APPL/Qjwmonkey.cfk | 8.3.3.4
Arcabit | Trojan.Application.Bundler.84 | 1.0.0.688
avast! | Win32:Adware-gen [Adw] | 2014.9-160629
AVG | Generic7 | 2017.0.2697
Baidu Antivirus | Win32.Adware.Qjwmonkey | 4.0.3.16629
Bitdefender | Gen:Variant.Application.Bundler.84 | 1.0.20.905
Bkav FE | W32.HfsAdware | 1.3.0.8042
Comodo Security | Application.Win32.Qjwmonkey.BA | 25116
Dr.Web | Adware.Qjwmonkey.82 | 9.0.1.0181
ESET NOD32 | Win32/Adware.Qjwmonkey (variant) | 10.13558
Fortinet FortiGate | Adware/Tpyn | 6/29/2016
G Data | Gen:Variant.Application.Bundler.84 | 16.6.25
IKARUS anti.virus | PUA.Qjwmonkey | t3scan.2.0.9.0
K7 AntiVirus | Adware | 13.226.19737
Kaspersky | not-a-virus:HEUR:Adware.Win32.Tpyn | 14.0.0.-18
McAfee | Artemis!D646213298B3 | 5600.6353
MicroWorld eScan | Gen:Variant.Application.Bundler.84 | 17.0.0.543
Panda Antivirus | Trj/Genetic.gen | 16.06.29.02
Rising Antivirus | Malware.Undefined!8.C-OvPOhWADn0M (Cloud) | 23.00.65.16627
Sophos | Generic PUA GJ (PUA) | 4.98
Trend Micro | TROJ_GEN.R0F3C0OEJ16 | 10.465.29
VIPRE Antivirus | Trojan.Win32.Generic | 49696
ViRobot | Adware.Qjwmonkey.770032.A[h] | 2014.3.20.0
Zillya! Antivirus | Adware.Qjwmonkey.Win32.159 | 2.0.0.2896

File size:
752 KB (770,032 bytes)

Product version:
1.0.2.2

Original file name:
downloader

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\风越文件批量改名器@34_130941.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/29/2015 1:17:37 AM

Valid to:
10/29/2016 1:17:37 AM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
5/11/2016 7:09:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:mSZHLUuyVut9MDOBRBq8BZhrnkNUNT+dnT:mSl6dDOBRBLtrnkNUp+dnT

Entry address:
0x2186B

Entry point:
E8, C9, B0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, 05, B2, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...

Entropy:
6.3078

Code size:
229.5 KB (235,008 bytes)

The file 风越文件批量改名器@34_130941.exe has been seen being distributed by the following URL.

url.tudown.com

Remove 风越文件批量改名器@34_130941.exe - Powered by Reason Core Security