apr7_3394_cor_sweet-page.exe

3394_cor_sweet-page

Li Mo

The application apr7_3394_cor_sweet-page.exe by Li Mo has been detected as adware by 16 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
Spy union (signed by Li Mo)

Product:
3394_cor_sweet-page

Description:
Spy union

Version:
6.4.7603.1012

MD5:
5c367284dc5cc9c4d27635dba7fb8e3e

SHA-1:
f7c283c004e2c068158bc9d73ef06931926d3ced

SHA-256:
63348c7cc39c86c9489c7d67245af1b3329c19d4bb64eda83ff2078215f9ccd0

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/6/2024 12:57:09 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Elex.1 | 665
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.06.11
Arcabit | Application.Elex.1 | 1.0.0.425
Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.15410
Bitdefender | Gen:Application.Elex.1 | 1.0.20.500
Emsisoft Anti-Malware | Gen:Application.Elex | 8.15.07.13.08
ESET NOD32 | Win32/ELEX.EC potentially unwanted application | 9.7.0.302.0
F-Secure | Riskware.Gen:Application.Elex.1 | 11.2015-10-04_6
G Data | Gen:Application.Elex | 15.4.25
herdProtect (fuzzy) | | 2015.7.13.8
Malwarebytes | PUP.Optional.DoSearch.A | v2015.07.13.08
MicroWorld eScan | Gen:Application.Elex.1 | 16.0.0.300
Norman | Gen:Application.Elex.1 | 11.20150713
Reason Heuristics | PUP.Liyan Liu | 15.4.10.13
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3

File size:
396.4 KB (405,880 bytes)

Product version:
6.4.7603.1012

Copyright:
Spy union

Original file name:
ComEntCount.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\7041fec8_stp\apr7_3394_cor_sweet-page.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/4/2014 3:00:00 AM

Valid to:
8/12/2015 3:00:00 PM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
078E6AB78826A47B4AE05D93CF737658

File PE Metadata
Compilation timestamp:
3/27/2015 11:15:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:N2B9yUBwHbFvORmB3VJ14vFpS4J19oWmk:N2B9yUS79OMBRcpbJ19fmk

Entry address:
0x2D4E6

Entry point:
E8, 00, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 38, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...

Entropy:
6.5537

Code size:
278 KB (284,672 bytes)

Remove apr7_3394_cor_sweet-page.exe - Powered by Reason Core Security