adks_qone8.exe

221_adks

Skytouch Technology Co., Limited

The application adks_qone8.exe by Skytouch Technology Co., Limited has been detected as adware by 8 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from d3emsmln8xfj03.cloudfront.net and multiple other hosts.
Publisher:
Skytech Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
221_adks

Description:
Skytech

Version:
3.1.0.3452

MD5:
bdc4686f840441d462c3eed3b7d7c6d5

SHA-1:
5643a46527298dac2522ee99be7040ed6ac10246

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/27/2024 12:28:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.14331 |
| Dr.Web | Adware.Mutabaha.46 | 9.0.1.090 |
| ESET NOD32 | Win32/ELEX (variant) | 8.9616 |
| Fortinet FortiGate | Riskware/Elex | 3/31/2014 |
| Malwarebytes | PUP.Optional.SkyTech.A | v2014.03.31.08 |
| Reason Heuristics | PUP.SkytouchTechnologyCoLimited.K | 14.3.31.8 |
| Trend Micro House Call | TROJ_GEN.F47V0323 | 7.2.90 |

File size:
868.1 KB (888,984 bytes)

Product version:
3.1.0.3452

Copyright:
Skytech Copyright (C) 2013

Original file name:
Main.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\adks_qone8.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 7:52:17 AM

Valid to:
7/9/2014 10:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
3/10/2014 1:28:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:GOi7zbaOmO8wSUhB1b+aqK0r+6fCnyiHqewsiv30nyUSPT+ApD4:Gr7znjms1SaqK0y5nyibwTASL+AS

Entry address:
0x65AEC

Entry point:
E8, C6, CA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 54, 0D, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 14, 75, 18, E8, B8, 0A, 00, 00, C7, 00, 16, 00, 00, 00, E8, 9A, 93, 00, 00, 83, C8, FF, E9, 93, 00, 00, 00, 8B, 7D, 0C, 56, 8B, 75, 10, 85, F6, 74, 19, 85, FF, 75, 15, E8, 91, 0A, 00, 00, C7, 00, 16, 00, 00, 00, E8, 73, 93, 00, 00, 83, C8, FF, EB, 6E, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, F0, 77, 03...
 

Code size:
542 KB (555,008 bytes)

The file adks_qone8.exe has been seen being distributed by the following 2 URLs.
