-¸-+¦ª-¸-+¦µ.exe

liuliangbao

www.liuliangbao.cn

The application -¸-+¦ª-¸-+¦µ.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. While running, it connects to the Internet address reverse.gdsz.cncnet.net on port 80 using the HTTP protocol.
Publisher:
www.liuliangbao.cn

Product:
liuliangbao

Description:
流量宝流量版

Version:
2.3

MD5:
792e75a7c7e69addc162ad51ee7743b7

SHA-1:
00cf2d266579254202445f76f0c23b2d022eb95c

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:23:10 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Razy.50520
-16

AegisLab AV Signature
Gen.Variant.Razy!c
2.1.4+

Avira AntiVirus
TR/Razy.nclze
8.3.3.4

Arcabit
Trojan.Razy.DC558
1.0.0.795

Bitdefender
Gen:Variant.Razy.50520
1.0.20.250

Emsisoft Anti-Malware
Gen:Variant.Razy.50520
8.17.02.19.07

Fortinet FortiGate
Adware/Liuliangbao
2/19/2017

F-Secure
Gen:Variant.Razy.50520
11.2017-19-02_1

G Data
Gen:Variant.Razy.50520
17.2.25

K7 AntiVirus
Trojan
13.251.22439

Kaspersky
not-a-virus:AdWare.Win32.Liuliangbao
14.0.0.-1194

McAfee
Artemis!792E75A7C7E6
5600.6118

MicroWorld eScan
Gen:Variant.Razy.50520
18.0.0.150

Panda Antivirus
Trj/GdSda.A
17.02.19.07

Qihoo 360 Security
HEUR/QVM10.1.0A9E.Malware.Gen
1.0.0.1120

Sophos
Generic PUA AA (PUA)
4.98

Trend Micro House Call
TROJ_GEN.R00XC0EBE17
7.2.50

Trend Micro
TROJ_GEN.R00XC0EBE17
10.465.19

File size:
1.6 MB (1,696,256 bytes)

Product version:
2.3

Copyright:
版权所有 (C) 2012

Original file name:
liuliangbao

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\-¸-+¦ª-¸-+¦µ\-¸-+¦ª-¸-+¦µ.exe

File PE Metadata
Compilation timestamp:
2/7/2017 7:29:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xC4540

Entry point:
E8, F6, 98, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 4C, A1, 10, 67, 54, 00, 33, C5, 89, 45, FC, 53, 33, DB, 57, 8B, F9, 89, 5D, C0, 89, 5D, BC, 3B, FB, 75, 1A, E8, 5D, 22, 00, 00, C7, 00, 16, 00, 00, 00, E8, 46, 49, 00, 00, 83, CA, FF, 8B, C2, E9, 65, 02, 00, 00, 8B, 47, 14, 99, 8B, C8, 8B, C2, 89, 4D, D0, 83, C1, BB, 89, 45, D4, 83, D0, FF, 56, 3B, C3, 0F, 87, 37, 02, 00, 00, 72, 0C, 81, F9, 08, 04, 00, 00, 0F, 87, 29, 02, 00, 00, 8B, 47, 10, 3B, C3, 7C, 05, 83, F8, 0B, 7E, 46, 99, 6A, 0C...
 
[+]

Code size:
1 MB (1,061,888 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to firewall.systemarts.com  (165.254.60.146:80)

TCP (HTTP):
Connects to server-54-230-81-37.mia50.r.cloudfront.net  (54.230.81.37:80)

TCP (HTTP):
Connects to reverse.gdsz.cncnet.net  (58.251.139.142:80)

TCP (HTTP):
Connects to node-107-167-27-88.reverse.x4b.me  (107.167.27.88:80)

TCP (HTTP SSL):
Connects to 203.130.54.225-BJ-CNC  (203.130.54.225:443)

Remove -¸-+¦ª-¸-+¦µ.exe - Powered by Reason Core Security