desk365_update_v6.7.69.exe

337 Technology Limited

The application desk365_update_v6.7.69.exe by 337 Technology Limited has been detected as adware by 14 anti-malware scanners. This is a setup program which is used to install the application. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from www.reqwhwlg.com.
Publisher:
Desk 365  (signed by 337 Technology Limited)

Product:
Desk 365

Version:
6.7.69.29197

MD5:
d2995e48fe6ef19f6f9802f508731ed7

SHA-1:
5383756218c25861b01a6f732c6f534919485c33

SHA-256:
25368f9916546c41815cf2d64dde64deb1d174b0a3f6b1c5cc118390d899534c

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/23/2024 6:44:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Mutabaha.85 | 9.0.1.0294 |
| ESET NOD32 | Win32/Toolbar.TNT2.I potentially unwanted | 9.12261 |
| Fortinet FortiGate | Riskware/NetFilter | 10/21/2015 |
| G Data | Win32.Application.Agent.I2A2RF | 15.10.25 |
| K7 AntiVirus | Adware | 13.210.17230 |
| Kaspersky | not-a-virus:NetTool.Win32.NetFilter | 14.0.0.1241 |
| Malwarebytes | FraudTool.YAC | v2015.10.21.08 |
| McAfee | Artemis!D2995E48FE6E | 5600.6605 |
| NANO AntiVirus | Riskware.Win32.BrowseFox.dvamdx | 0.30.24.3283 |
| Panda Antivirus | Generic Suspicious | 15.10.21.08 |
| Reason Heuristics | PUP.ELEX.337Technology (M) | 15.10.21.20 |
| Vba32 AntiVirus | Downloader.Elex | 3.12.26.4 |
| VIPRE Antivirus | NetFilter | 43798 |
| Zillya! Antivirus | Tool.NetFilter.Win32.6841 | 2.0.0.2399 |

File size:
25 MB (26,176,648 bytes)

Product version:
6.7.69.29197

Copyright:
Copyright (C) 2015

Original file name:
Desk 365.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\desk 365\update\desk365_update_v6.7.69.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/28/2015 6:04:10 AM

Valid to:
5/28/2016 6:04:10 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B967F092CBF19234F4F18F730F4F767B

File PE Metadata
Compilation timestamp:
8/10/2015 8:01:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:5OA9rfiWlMGZCen4ICCC5uCi6weIIlTt5jPcUOwfgXNPn+gdjYWcrjyEHj98a:UA976GZCdICD9weXVt5CbXN5j/89j

Entry address:
0xF0BB

Entry point:
E8, F3, 44, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, F4, 2E, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 10, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, F4, 2E, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F...
 

Code size:
121.5 KB (124,416 bytes)

The file desk365_update_v6.7.69.exe has been seen being distributed by the following URL.
