home

dl.picexa.com

YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service)

Domain Information

The domain dl.picexa.com registered by YinSi BaoHu Yi KaiQi (Hidden by Whois Privacy Protection Service) was initially registered in March of 2015 through HICHINA ZHICHENG TECHNOLOGY LTD.. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Dallas, Texas within the United States.
Registrar:
HICHINA ZHICHENG TECHNOLOGY LTD.

Server location:
Texas, United States (US)

Create date:
Thursday, March 12, 2015

Expires date:
Tuesday, March 12, 2019

Updated date:
Monday, February 1, 2016

ASN:
AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:
picexa.com

Whois:
2 picexa.com records

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Kaspersky
not-a-virus:Downloader.Win32.AdLoad, UDS:DangerousObject.Multi.Generic, Virus.Win32.Nimnul, Virus.Win32.Sality, Virus.Win32.Virut
62.22%

Dr.Web
Adware.Mutabaha.377, Adware.Mutabaha.515, Adware.Mutabaha.229, Adware.Mutabaha.642, Adware.Mutabaha.799, Adware.Mutabaha.850, Threat.Undefined, Adware.Mutabaha.684, Adware.Mutabaha.925
55.56%

McAfee
Artemis!B28ED94BCC80, Artemis!A9C6A6F8CB7D, Artemis!D80968E5D370, Artemis!EA0DBFA28769, RDN/Generic Downloader.x, Artemis!7219650DAE04
46.67%

ESET NOD32
Win32/ELEX.EO potentially unwanted application, Win32/ELEX.HE potentially unwanted application, Win32/Ramnit.H virus, Win32/Sality.NBA virus
44.44%

avast!
Win32:Malware-gen, Win32:RmnDrp, Win32:PUP-gen [PUP], Win32:Kukacka, Win32:Vitro, Win32:Apanas [Trj]
44.44%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, Virus.Win32.Neshta.a
42.22%

Emsisoft Anti-Malware
Trojan.GenericKD.2451492, Trojan.GenericKD.2481526, Trojan.GenericKD.2514224, Trojan.GenericKD.2634023, Trojan.GenericKD.2661238, Adware.Adload.Y, Win32.Sality
40.00%

Reason Heuristics
PUP.Thinknice.Installer, PUP.Thinknice.TaiwanShuiMuChihChingTechnology.Installer (M), Threat.Win.Reputation.IMP, PUP.ELEX
35.56%

Panda Antivirus
Generic Suspicious, Trj/Genetic.gen, W32/Neshta.A
33.33%

AVG
Generic36, Generic6, Elex, Win32/Zbot.G, Win32/Sality, Worm/Delf
33.33%

Microsoft Security Essentials
Threat.Undefined, Virus:Win32/Neshta.A
33.33%

Baidu Antivirus
Hacktool.Win32.AdLoad, Adware.Win32.AdLoad, Adware.Win32.NsisInstall, Adware.Win32.ELEX, Virus.Win32.Neshta.$a
28.89%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4732184, Threat.4721115, Threat.4120919, Virus.Win32.Neshta.a
28.89%

Norman
Gen:Variant.Application.Elex.5, Adware.Adload.Y, Win32.Ramnit.N, Gen:Variant.Jaik.8709, Win32.Sality.3, Adware.Agent.QDZ
28.89%

F-Prot
W32/Ramnit.E, W32/Ramnit.D, W32/Sality.gen2, W32/Ramnit.B!Generic, W32/Virut.AI!Generic, W32/HLLP.41472
28.89%

The domain dl.picexa.com has been seen to resolve to the following 4 IP addresses.

208.43.232.117
208.43.232.117-static.reverse.softlayer.com
January 3, 2016

208.43.232.115
208.43.232.115-static.reverse.softlayer.com
January 3, 2016

208.43.232.114
208.43.232.114-static.reverse.softlayer.com
January 3, 2016

173.193.171.11
b.ab.c1ad.ip4.static.sl-reverse.com
January 3, 2016

File downloads found at URLs served by dl.picexa.com.

38 / 68    (Infected)
http://dl.picexa.com/update/new.2.0/px/2.1.38/.../pxdownloader.exe  (2625d13bb1c3ca9119f839703ab885d9)

21 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.70/.../px2yac.exe  (9525fcce4a821d42a936f05fc18aa2e5)

7 / 68      (Malware)
http://dl.picexa.com/update/new.2.0/px/2.1.77/.../px2yac.exe  (f2af2b871d5042c62e125dd62805f5b6)

8 / 68      (Infected)
http://dl.picexa.com/update/new.2.0/px/2.1.79/.../px2yac.exe  (5f491232e7aab08a5287de4090e920d2)

8 / 68      (Infected)
http://dl.picexa.com/update/new.2.0/px/2.1.73/.../px2yac.exe  (501fd25b741c4f003e10f13bbc37dbb9)

10 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.81/.../px2yac.exe  (533d2cc4524a445a565a4a85e59dc5c7)

11 / 68    (Infected)
http://dl.picexa.com/update/new.2.0/px/2.1.21/.../pxdownloader.exe  (db0d65142db4cad741cd40f0098e4f91)

7 / 68      (Infected)
http://dl.picexa.com/update/new.2.0/px/2.1.58/.../px2yac.exe  (ae08d237cd3ea56e90e4aa5f7a98f1a3)

5 / 68      (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.42/.../pxdownloader.exe  (px_update_v2.1.42.exe)

17 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.69/.../px2yac.exe  (px_update_v2.1.73.exe)

9 / 68      (Infected)
http://dl.picexa.com/update/new.2.0/px/2.1.60/.../px2yac_20151015.exe  (b7cf8da951e66a8f4b02e4b16cedd1b8)

1 / 68      (Adware)
http://dl.picexa.com/download/.../picexa.exe  (ccf5039241f657549d4287bd566aff66)

2 / 68      (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.24/.../pxdownloader.exe  (px_update_v2.1.24.exe)

1 / 68      (Adware)
http://dl.picexa.com/update/new.2.0/px/2.1.37/.../Picexa_setup_update.exe  (px_update_v2.1.37.exe)

1 / 68      (Adware)
http://dl.picexa.com/update/new.2.0/px/2.1.54/.../Picexa_setup_update.2.1.54.330.exe  (px_update_v2.1.54.exe)

1 / 68      (Malware)
http://dl.picexa.com/update/new.2.0/px/2.1.65/.../px2yac.exe  (px_update_v2.1.65.exe)

12 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.29/.../pxdownloader.exe  (px_update_v2.1.29.exe)

4 / 68      (Adware)
http://dl.picexa.com/update/new.2.0/px/2.1.51/.../Picexa_setup_update.exe  (px_update_v2.1.51.exe)

13 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.54/.../px2yac_2015.08.20_out.exe  (7219650dae0471c0325c4d9fa79e17c8)

7 / 68      (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.46/.../pxdownloader.exe  (ea0dbfa28769150693383091e3a75b06)

5 / 68      (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.55/.../px2yac_2015.9.14_out.exe  (px_update_v2.1.55.exe)

25 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.52/.../picx_2015.8.6_134_out.exe  (ae8cc6ea490bb8897050cf5a4c97e13d)

18 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.56/.../px2up_2015.09.16_out.exe  (d797bbe13951bb18fc8a4b0bbeffc790)

18 / 68    (PUP)
http://dl.picexa.com/update/new.2.0/px/2.1.65/.../2015.10.28px2yac_out.exe  (ebda8d0763c1cf199820f4653d5909a7)

The following file have been seen to comunicate with dl.picexa.com in live environments.

TCP » 208.43.232.117:80
wprotectmanager.exe (wmp control by Cherished Technololgy LIMITED)

URL:
http://dl.picexa.com/

Web server:
openresty

4-zip.com

abbhelpu.com

ali-b2c.com

astrills.com

brot-soft.com

globo-360.com

puphelp.com

qihutechs.com

wseclub.com

downkegja.com

downkfadx.com

downkhpiw.com

downkjcme.com

soft365.com

win10-apps.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.