desk365.exe

Desk 365

337 Technology Limited

The application desk365.exe, “desk 365 downloader” by 337 Technology Limited, has been detected as adware by 13 anti-malware scanners. The file has been seen being downloaded from cdninst.com and multiple other hosts.

Publisher:
337 Technology Limited (signed by 337 Technology Limited)

Product:
Desk 365

Description:
desk 365 downloader

Version:
0.0.0.1

MD5:
19930a73ec925fd5174ce3bb0a67fd6f

SHA-1:
1124849c4fbc21f1bae3f86f7d876406238e8420

SHA-256:
ce4762c6851c846886651193c4dcf3c4fd8ee2ef8d8077f1b33c38ff1fe18452

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/26/2024 9:45:20 PM UTC

Scan engine         Detection                        Engine version
AhnLab V3 Security  Trojan/Win32.Badur               2013.12.11
Avira AntiVirus     APPL/Downloader.Gen              7.11.119.12
Bkav FE             W32.Clod438.Trojan               1.3.0.4613
Boost by Reason     Optional.337TechnologyLimited.H  188838
Dr.Web              Adware.Siggen.25992              9.0.1.0350
ESET NOD32          Win32/ELEX (variant)             7.9157
IKARUS anti.virus   Trojan.Win32.Badur               t3scan.2.2.29
K7 AntiVirus        Trojan                           13.174.10469
Malwarebytes        PUP.Optional.Desk365.A           v2013.12.16.04
McAfee              Artemis!19930A73EC92             5600.7280
NANO AntiVirus      Trojan.Win32.Badur.cqjbda        0.28.0.56692
Reason Heuristics   PUP.337TechnologyLimited.H       14.8.7.20
Vba32 AntiVirus     Trojan.Badur                     3.12.24.3

File size:
361.5 KB (370,208 bytes)

Product version:
0.0.0.1

Copyright:
Copyright (C) 2012

Original file name:
deskdl.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\desk365.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 5:04:18 AM

Valid to:
6/26/2015 5:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
3/27/2013 4:51:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:lmHxOQnSQ/E0HkZb3qTZnowWrYykMd+FzT4DBrDnre2GXjvg+jlNgnzYAIE4sYWM:QHPSGE0HM6TZzWrYKd+FHcP3bsH

Entry address:
0x10966

Entry point:
E8, A7, 8C, 00, 00, E9, 89, FE, FF, FF, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03, F9, 83, F1, FF, 33, CF, 83, C2, 04, 81...
 

Entropy:
6.3848

Code size:
160 KB (163,840 bytes)

The file desk365.exe has been seen being distributed by the following 2 URLs.

http://cdninst.com/offers/.../deskdl.exe
