adks_v9_20140603.exe

411_adks

Beijing ELEX Technology Co.,Ltd

The application adks_v9_20140603.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 17 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d1s8azhe8rpvoz.cloudfront.net.
Publisher:
Beijing ELEX Technology Co.,Ltd  (signed and verified)

Product:
411_adks

Description:
FileSyn

Version:
14.4.4.8

MD5:
5d09cf0f1088853f5116e8980bba7557

SHA-1:
c84728b5941ae60a24636c015285f4187895e06b

SHA-256:
bb3bdc2a143d01ab323861a167582aad07849a183d14ac8fe7beb1113ece669a

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:53:39 PM UTC

Scan engine              Detection                           Engine version
Agnitum Outpost          Riskware.Agent                      7.1.1
AhnLab V3 Security       PUP/Win32.Amonetiz                  2014.11.04
AVG                      Downloader.Generic13                2015.0.3294
Baidu Antivirus          Adware.Win32.ELEX                   4.0.3.141110
Dr.Web                   Adware.Mutabaha.53                  9.0.1.0314
ESET NOD32               Win32/ELEX.AJ (variant)             8.10662
Fortinet FortiGate       Riskware/Elex                       11/10/2014
G Data                   Win32.Adware.Elex                   14.11.24
K7 AntiVirus             Trojan                              13.185.13888
McAfee                   Artemis!5D09CF0F1088                5600.6950
NANO AntiVirus           Riskware.Win32.ELEX.dcjdam          0.28.6.62995
Reason Heuristics        PUP.BeijingELEXTechnologyCoLtd.Q    14.11.10.12
Total Defense            Win32/Tnega.fFNdbOB                 37.0.11260
Trend Micro House Call   TROJ_GEN.R02SC0OJM14                7.2.314
Trend Micro              TROJ_GEN.R02SC0OJM14                10.465.10
VIPRE Antivirus          Trojan.Win32.Generic                34474
Zillya! Antivirus        Adware.ELEX.Win32.2                 2.0.0.1975

File size:
675.1 KB (691,344 bytes)

Product version:
14.4.4.8

Copyright:
Copyright (C) 2014

Original file name:
FileSyn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\adks_v9_20140603.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/26/2013 6:54:20 AM

Valid to:
7/27/2014 6:54:20 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112131F67BDEA1D6D12E11D656C8BE509ECE

File PE Metadata
Compilation timestamp:
5/22/2014 7:42:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:pgmKVk5viTbVsmwH+pQlYoyWoWiemZPUdRtbQft72vUMUnFs9ek3epiO:pJKLfBw9SZH2vInv3

Entry address:
0x5FC2F

Entry point:
E8, 32, D0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 7E, DD, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, B0, C5, FF, FF, 59, 33, C0, EB, 4D, 53, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 54, 88, 49, 00, FF, 15, 28, E2, 47, 00, 8B, D8, 85, DB, 75, 5E, 39, 05, B4, 8A, 49, 00, 74, 40, 56, E8, BB, 1F, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, AB, 1F, 00, 00, 59, E8, 13, E2, FF, FF, C7, 00, 0C, 00, 00, 00, 33, C0, 5B...

Entropy:
6.2670

Code size:
500 KB (512,000 bytes)

The file adks_v9_20140603.exe has been seen being distributed by the following URL.

Remove adks_v9_20140603.exe - Powered by Reason Core Security