home

adks_omiga-plus.exe

2618_adks_omiga-plus

Shulan Hou

The application adks_omiga-plus.exe by Shulan Hou has been detected as adware by 4 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.girlwurina.com and multiple other hosts.
Publisher:
TabMain  (signed by Shulan Hou)

Product:
2618_adks_omiga-plus

Description:
TabMain

Version:
6.3.76.1518

MD5:
faba816e13a44882b277e64d0e92b8f5

SHA-1:
1fd17ac6233c183d2de33bf7fe397f3e45c0d094

SHA-256:
f3afbd6c8acf6f56de00ce8f3c5436f4026aed6733323a5cc3ce07b877f31e3e

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/23/2024 4:58:07 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Mutabaha.111
9.0.1.033

ESET NOD32
Win32/ELEX.CF potentially unwanted application
9.7.0.302.0

K7 AntiVirus
Unwanted-Program
13.202.15335

Reason Heuristics
PUP.Ma Lin
15.2.2.12

File size:
310.3 KB (317,712 bytes)

Product version:
6.3.76.1518

Copyright:
Copyright (C) 2014

Original file name:
TMain.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\adks_omiga-plus.exe

Digital Signature
Signed by:
Shulan Hou

Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0FB6FD4A80D186219716435AB3762FB2

File PE Metadata
Compilation timestamp:
1/13/2015 7:10:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:a7Bnvx3mTCG0EnQY7Td8b5rWFX+HDBUeZjpiD:a79xMCfEQ6dw5re+HDGe2D

Entry address:
0x1A58B

Entry point:
E8, 62, C2, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 
[+]

Code size:
195 KB (199,680 bytes)

The file adks_omiga-plus.exe has been seen being distributed by the following 2 URLs.

http://www.girlwurina.com/.../adks_omiga-plus.exe

http://www.girlliuxiaowei.com/.../adks_omiga-plus.exe

Remove adks_omiga-plus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.