8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik_a9.exe

4031_pcm_istartsurf

Shulan Hou

The application 8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik_a9.exe by Shulan Hou has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 4threquest.me.
Publisher:
Welnk.com  (signed by Shulan Hou)

Product:
4031_pcm_istartsurf

Description:
Welnk

Version:
6.6.86.1626

MD5:
797ee8161a4df405f9f805690ad1ae84

SHA-1:
d35507982b13d095603dc4a4d16c353db3b12d8f

SHA-256:
9bb67f9387afcdd942dbfb3b0cc27094a1e181b6702f7455c1a4f9886b3da306

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 5:12:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX.ShulanHou (M)
16.2.18.12

File size:
257.1 KB (263,264 bytes)

Product version:
6.6.86.1626

Copyright:
Copyright (C) Wilnk 2006

Original file name:
WeLink.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\o8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik\8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik_a9.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/23/2014 10:00:00 PM

Valid to:
1/6/2016 10:00:00 AM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
03444231C5CC0150BB1C3EE61168AFD1

File PE Metadata
Compilation timestamp:
6/16/2015 3:16:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:7EcgCjyBBUJGSbC/3B93wbMp4/OA1j0nQTUEXyJ:7mYyMGSbC/B93wbMpo1onouJ

Entry address:
0xF2D6

Entry point:
E8, 44, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 78, 44, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 60, 41, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00...
 
[+]

Code size:
138 KB (141,312 bytes)

The file 8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik_a9.exe has been seen being distributed by the following URL.