home

amt_omniboxes.exe

3268_amt_omniboxes

Shulan Hou

The application amt_omniboxes.exe by Shulan Hou has been detected as adware by 14 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
BaiSix  (signed by Shulan Hou)

Product:
3268_amt_omniboxes

Description:
BaiSix

Version:
6.3.7602.2008

MD5:
92d5a15129b3dfd86d3501ebfa68298a

SHA-1:
4dab043bed36c817f0c7674040ee126aa65cebd8

SHA-256:
48b4a93e2be9dfd49053620aecda53c74b231734ca36346acb4f677c00fc9c6b

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/24/2024 3:02:54 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Baidu Antivirus
PUA.Win32.LiMo
4.0.3.15328

Dr.Web
Adware.Mutabaha.220
9.0.1.0184

ESET NOD32
Win32/LiMo.C potentially unwanted (variant)
9.11419

Fortinet FortiGate
W32/ELEX.C
3/28/2015

herdProtect (fuzzy)
variant of untf472.tmp.exe (Adware)
2015.7.3.3

IKARUS anti.virus
PUA.LiMo
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.202.15470

Malwarebytes
PUP.Optional.Omniboxes.A
v2015.03.28.01

McAfee
Artemis!7FB24EA08AA4
5600.6812

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Ma Lin
15.3.28.13

Sophos
Elex
4.98

Trend Micro House Call
Suspicious_GEN.F47V0401
7.2.87

File size:
492.1 KB (503,904 bytes)

Product version:
6.3.7602.2008

Copyright:
BaiSix.com

Original file name:
BaiSix.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\amt_omniboxes.exe

Digital Signature
Signed by:
Shulan Hou

Authority:
DigiCert Inc

Valid from:
12/24/2014 5:30:00 AM

Valid to:
1/6/2016 5:30:00 AM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0FB6FD4A80D186219716435AB3762FB2

File PE Metadata
Compilation timestamp:
3/12/2015 11:34:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:+ENMvWgHqHNNFlEG262OFxZKv72LXs1QHc:+ENMvWtXlBKv72L1Hc

Entry address:
0x16F33

Entry point:
E8, 15, C6, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, CB, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 88, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, CB, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...
 
[+]

Entropy:
6.1528

Code size:
335 KB (343,040 bytes)

Remove amt_omniboxes.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.