《性感海灘4》+剣闘士存檔@55_50747.exe

downloader of lewell

Hefei Lewei Information Technology Co.,Ltd.

The application 《性感海灘4》+剣闘士存檔@55_50747.exe by Hefei Lewei Information Technology Co.,Ltd has been detected as a potentially unwanted program by 22 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from url.goosai.com and multiple other hosts.
Publisher:

Product:
downloader of lewell

Version:
19.0.0.1

MD5:
ca4453b6111f3c903cb7e410de9aae69

SHA-1:
e64ccbb1ea5186d7373e4b6bc736d5c10931ff9c

SHA-256:
3f0f10c077e44948d0e3ff709e311284bb5ef455cb750953d8041ec855b6c7f8

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:54:38 PM UTC

Scan engine             Detection                           Engine version

Lavasoft Ad-Aware       Gen:Variant.Application.Bundler.84  304
AegisLab AV Signature   Gen.Variant.Application!c           2.1.4+
Avira AntiVirus         APPL/Qjwmonkey.cfk                  8.3.3.4
Arcabit                 Trojan.Application.Bundler.84       1.0.0.666
avast!                  Win32:Adware-gen [Adw]              2014.9-160406
AVG                     Generic7                            2017.0.2782
Baidu Antivirus         Win32.Adware.Qjwmonkey              4.0.3.1646
Bitdefender             Gen:Variant.Application.Bundler.84  1.0.20.485
Dr.Web                  Adware.Qjwmonkey.67                 9.0.1.097
ESET NOD32              Win32/Adware.Qjwmonkey (variant)    10.13290
F-Secure                Gen:Variant.Application.Bundler     11.2016-06-04_4
G Data                  Gen:Variant.Application.Bundler.84  16.4.25
IKARUS anti.virus       PUA.Qjwmonkey                       t3scan.2.0.9.0
K7 AntiVirus            Adware                              13.221.19225
Malwarebytes            Adware.Qjwmonkey                    v2016.04.06.06
MicroWorld eScan        Gen:Variant.Application.Bundler.84  17.0.0.291
NANO AntiVirus          Riskware.Win32.Qjwmonkey.ebieid     1.0.18.7201
Panda Antivirus         Trj/Genetic.gen                     16.04.06.06
Rising Antivirus        PE:Malware.Generic/QRS!1.9E2D [F]   23.00.65.16404
Sophos                  QjMonkey (PUA)                      4.98
VIPRE Antivirus         Trojan.Win32.Generic                48422
Zillya! Antivirus       Adware.Qjwmonkey.Win32.125          2.0.0.2766

File size:
751.8 KB (769,872 bytes)

Product version:
19.0.0.1

Original file name:
downloader of lewell

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\《性感海灘4》+剣闘士存檔@55_50747.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/29/2015 2:17:37 PM

Valid to:
10/29/2016 2:17:37 PM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
3/28/2016 1:52:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:XIi9sUsu+9u5IvG2o7huBRBq8BZhrnkNUNTed80i:XIimNI92UuBRBLtrnkNUped80i

Entry address:
0x2131B

Entry point:
E8, C9, B0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, 05, B2, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...

Entropy:
6.3039

Code size:
228 KB (233,472 bytes)

The file 《性感海灘4》+剣闘士存檔@55_50747.exe has been seen being distributed by the following 7 URLs.

http://url.goosai.com/.../Internet@34_146302.exe

http://soft.xz.gezila.com/.../????????v1.0.1?????@130_50519.exe