» -¸-+¦ª-¸-+¦µ.exe
Overview
Analysis
File Details
Network (5)

-¸-+¦ª-¸-+¦µ.exe

liuliangbao

www.liuliangbao.cn

The application -¸-+¦ª-¸-+¦µ.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. While running, it connects to the Internet address reverse.gdsz.cncnet.net on port 80 using the HTTP protocol.

File name:

-¸-+¦ª-¸-+¦µ.exe

Publisher:

www.liuliangbao.cn

Product:

liuliangbao

Description:

流量宝流量版

Version:

2.3

MD5:

792e75a7c7e69addc162ad51ee7743b7

SHA-1:

00cf2d266579254202445f76f0c23b2d022eb95c

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 10:35:44 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Razy.50520

-16

AegisLab AV Signature

Gen.Variant.Razy!c

2.1.4+

Avira AntiVirus

TR/Razy.nclze

8.3.3.4

Arcabit

Trojan.Razy.DC558

1.0.0.795

Bitdefender

Gen:Variant.Razy.50520

1.0.20.250

Emsisoft Anti-Malware

Gen:Variant.Razy.50520

8.17.02.19.07

Fortinet FortiGate

Adware/Liuliangbao

2/19/2017

F-Secure

Gen:Variant.Razy.50520

11.2017-19-02_1

G Data

Gen:Variant.Razy.50520

17.2.25

K7 AntiVirus

Trojan

13.251.22439

Kaspersky

not-a-virus:AdWare.Win32.Liuliangbao

14.0.0.-1194

McAfee

Artemis!792E75A7C7E6

5600.6118

MicroWorld eScan

Gen:Variant.Razy.50520

18.0.0.150

Panda Antivirus

Trj/GdSda.A

17.02.19.07

Qihoo 360 Security

HEUR/QVM10.1.0A9E.Malware.Gen

1.0.0.1120

Sophos

Generic PUA AA (PUA)

4.98

Trend Micro House Call

TROJ_GEN.R00XC0EBE17

7.2.50

Trend Micro

TROJ_GEN.R00XC0EBE17

10.465.19

File size:

1.6 MB (1,696,256 bytes)

Product version:

2.3

Original file name:

liuliangbao

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\-¸-+¦ª-¸-+¦µ\-¸-+¦ª-¸-+¦µ.exe

File PE Metadata

Compilation timestamp:

2/7/2017 7:29:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0xC4540

Entry point:

E8, F6, 98, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 4C, A1, 10, 67, 54, 00, 33, C5, 89, 45, FC, 53, 33, DB, 57, 8B, F9, 89, 5D, C0, 89, 5D, BC, 3B, FB, 75, 1A, E8, 5D, 22, 00, 00, C7, 00, 16, 00, 00, 00, E8, 46, 49, 00, 00, 83, CA, FF, 8B, C2, E9, 65, 02, 00, 00, 8B, 47, 14, 99, 8B, C8, 8B, C2, 89, 4D, D0, 83, C1, BB, 89, 45, D4, 83, D0, FF, 56, 3B, C3, 0F, 87, 37, 02, 00, 00, 72, 0C, 81, F9, 08, 04, 00, 00, 0F, 87, 29, 02, 00, 00, 8B, 47, 10, 3B, C3, 7C, 05, 83, F8, 0B, 7E, 46, 99, 6A, 0C... 
[+]

Code size:

1 MB (1,061,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to firewall.systemarts.com (165.254.60.146:80)

TCP (HTTP):

Connects to server-54-230-81-37.mia50.r.cloudfront.net (54.230.81.37:80)

TCP (HTTP):

Connects to reverse.gdsz.cncnet.net (58.251.139.142:80)

TCP (HTTP):

Connects to node-107-167-27-88.reverse.x4b.me (107.167.27.88:80)

TCP (HTTP SSL):

Connects to 203.130.54.225-BJ-CNC (203.130.54.225:443)

Remove -¸-+¦ª-¸-+¦µ.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.