cook.dll+@48_44902.exe

下载器

Ruifeng Network Technology Co., Ltd.

The application cook.dll+@48_44902.exe by Ruifeng Network Technology Co. has been detected as adware by 22 anti-malware scanners.
Publisher:
Ruifeng Network Technology Co., Ltd.  (signed and verified)

Product:
下载器

Version:
6.0.0.7

MD5:
4fa800479348fcaedecfd2f3652853b4

SHA-1:
fe3d7185ef17f8bcde95c8ace99f2fc7f84d1e93

SHA-256:
314ffac9201481a0f353daad32b894c6bc51cf01d95900d8ca1745fb857f3da3

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
11/27/2024 4:49:53 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.1135798 | 698
Agnitum Outpost | PUA.Qjwmonkey | 7.1.1
AhnLab V3 Security | Adware/Win32.Downloader | 2015.02.11
Avira AntiVirus | APPL/Qjwmonkey.uzte | 7.11.211.60
avast! | Win32:Adware-gen [Adw] | 2014.9-150218
AVG | Generic6 | 2016.0.3194
Bitdefender | Application.Generic.1135798 | 1.0.20.340
Comodo Security | Application.Win32.Qjwmonkey.ADH | 21128
ESET NOD32 | Win32/Adware.Qjwmonkey (variant) | 9.11198
Fortinet FortiGate | Riskware/Qjwmonkey | 3/9/2015
F-Secure | Application.Generic.1135798 | 11.2015-09-03_2
G Data | Application.Generic.1135798 | 15.3.25
IKARUS anti.virus | PUA.Qjwmonkey | t3scan.1.8.6.0
K7 AntiVirus | Adware | 13.196.15011
McAfee | Artemis!4FA800479348 | 5600.6850
NANO AntiVirus | Riskware.Win32.Qjwmonkey.dnwfek | 0.30.0.126
Reason Heuristics | PUP.RuifengNetworkTechnologyCo | 15.4.24.0
Sophos | Generic PUA EF | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0218 | 7.2.49
VIPRE Antivirus | Trojan.Win32.Generic | 37692
ViRobot | Adware.AppDownloader.687360[h] | 2014.3.20.0
Zillya! Antivirus | Adware.Qjwmonkey.Win32.1 | 2.0.0.2073

File size:
671.8 KB (687,872 bytes)

Product version:
6.0.0.7

Original file name:
下载器

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\cook.dll+@48_44902.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/14/2015 3:05:07 AM

Valid to:
1/14/2016 3:05:07 AM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
1/27/2015 3:01:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:7AMsQnOhFIwZ1KUcZdKRlMVyRgjAzJGXCx3eK4i5Fkl1:7AMGkrZ8lniAFGyxf/5Fk7

Entry address:
0x1530B

Entry point:
E8, 59, 87, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B0, 8C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 7A, 43, 00, 01, 0F, 82, 38, 89, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...

Entropy:
7.0645

Code size:
164.5 KB (168,448 bytes)
