apr7_3395_cor_do-search.exe

3395_cor_do-search

Li Mo

The application apr7_3395_cor_do-search.exe by Li Mo has been detected as adware by 17 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
Spy union  (signed by Li Mo)

Product:
3395_cor_do-search

Description:
Spy union

Version:
6.4.7603.1012

MD5:
de9e1cf6a6fb3fe0c936d9cdaaf9b6e1

SHA-1:
231405f78dede7cd3e0abfcb4a5206578539357d

SHA-256:
a4f1d4429e75a5ddeb9d6e6a236e1c693ee29c00f66e8188011267da5068ee0c

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 7:50:26 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Elex.1
666

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.06.11

Arcabit
Application.Elex.1
1.0.0.425

Baidu Antivirus
PUA.Win32.LiMo
4.0.3.1549

Bitdefender
Gen:Application.Elex.1
1.0.20.495

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Application.Elex
8.15.04.09.06

ESET NOD32
Win32/ELEX.EC potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/LiMo
4/9/2015

F-Secure
Riskware.Gen:Application.Elex.1
11.2015-09-04_5

G Data
Gen:Application.Elex
15.4.25

herdProtect (fuzzy)
2015.7.12.13

MicroWorld eScan
Gen:Application.Elex.1
16.0.0.297

Norman
Gen:Application.Elex.1
11.20150712

Reason Heuristics
PUP.Liyan Liu
15.4.9.14

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
396.4 KB (405,880 bytes)

Product version:
6.4.7603.1012

Copyright:
Spy union

Original file name:
ComEntCount.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\52cf2135_stp\apr7_3395_cor_do-search.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/4/2014 2:00:00 AM

Valid to:
8/12/2015 2:00:00 PM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
078E6AB78826A47B4AE05D93CF737658

File PE Metadata
Compilation timestamp:
3/27/2015 10:15:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:E2B9yUBwHbFvORmB3VJ14vFpS4J19oZmw:E2B9yUS79OMBRcpbJ19gmw

Entry address:
0x2D4E6

Entry point:
E8, 00, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 38, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...

Code size:
278 KB (284,672 bytes)
