home

adsu_re_140116_414eeb_40zee0_0e0q0z0z_e137000_optimusnobrand.exe

ADSU

JRD COMMUNICATION (SHENZHEN) LTD

This is a setup program which is used to install the application. The file has been seen being downloaded from firmware.nos.pt and multiple other hosts.
Publisher:
JRD COMMUNICATION (SHENZHEN) LTD  (signed and verified)

Product:
ADSU

Version:
1, 0, 0, 1

MD5:
989b853c5abf53d2ad096f5a3f72d005

SHA-1:
7044fde7cbf8e2931b396ad3dbb1825a5756aed0

SHA-256:
d80da9fd84cd3866abd0e6b0a0643eff89b0ba1230575302e425613635606b3a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 11:37:42 PM UTC  (a few moments ago)

File size:
126 MB (132,151,936 bytes)

Product version:
1, 0, 0, 1

Copyright:
JRD Commuication Inc Copyright. (C) 2010

Original file name:
ADSU.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Digital Signature
Signed by:
JRD COMMUNICATION (SHENZHEN) LTD

Authority:
VeriSign, Inc.

Valid from:
10/26/2011 1:00:00 AM

Valid to:
12/17/2014 11:59:59 PM

Subject:
CN=JRD COMMUNICATION (SHENZHEN) LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=JRD COMMUNICATION (SHENZHEN) LTD, L=深圳, S=广东省深圳市, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5A361595684C6091D0F5D75FE412DC04

File PE Metadata
Compilation timestamp:
6/29/2013 7:07:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
786432:AJWKcFrkfVftFBJs6Zp64Z/VdmCFpa5XOW+MIlbuXkIha/Zf1j2fhYGWB4m3o8Oi:A/cFAdfrvn/VXw5X1CpZf1PGqoI

Entry address:
0x12A0

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 8C, 8D, D9, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 24, 8E, D9, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, D8, 8D, D9, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, B4, 60, C1, 00, E8, 6E, A0, 73, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, C7, 60, C1, 00, 89, 04, 24, E8, 61, A0, 73, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 00, D9, 00, C7, 04, 24, 00, 70, D8, 00, FF, D0, 8B...
 
[+]

Packer / compiler:
MingWin32

Code size:
8.1 MB (8,441,856 bytes)

The file adsu_re_140116_414eeb_40zee0_0e0q0z0z_e137000_optimusnobrand.exe has been seen being distributed by the following 2 URLs.

http://firmware.nos.pt/Alcatel/Y800Z/.../ADSU_RE_140116_414EEB_40ZEE0_0E0Q0Z0Z_E137000_NOSNobrand.exe

http://download.nos.pt/.../ADSU_RE_140116_414EEB_40ZEE0_0E0Q0Z0Z_E137000_OptimusNobrand.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.