download

Downloader

Ruifeng Network Technology Co., Ltd.

The file download by Ruifeng Network Technology Co. has been detected as adware by 23 anti-malware scanners.
Publisher:
Ruifeng Network Technology Co., Ltd.  (signed and verified)

Product:
Downloader

Version:
6.0.3.9

MD5:
91289404ffa879f121390b81db77ee41

SHA-1:
9bf3ab74ec4a8209ef40ca8434433ddb28241f43

SHA-256:
c1cce27dd68e6bdd1c68f941f94534fad8badffee28dd8109243e14b9c329292

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/24/2024 12:59:12 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.1231378
661

Agnitum Outpost
PUA.Qjwmonkey
7.1.1

Avira AntiVirus
ADWARE/Qjwmonkey.691456
3.6.1.96

avast!
Win32:Adware-gen [Adw]
2014.9-150402

AVG
Generic6
2016.0.3139

Bitdefender
Application.Generic.1231378
1.0.20.525

Comodo Security
Application.Win32.Qjwmonkey.ADH
21620

Dr.Web
Adware.Qjwmonkey.7
9.0.1.092

Emsisoft Anti-Malware
Adware.Agent.PLH
8.15.04.15.03

ESET NOD32
Win32/Adware.Qjwmonkey (variant)
9.11419

Fortinet FortiGate
Riskware/Qjwmonkey
4/15/2015

F-Secure
Adware.Agent.PLH
11.2015-15-04_4

G Data
Adware.Agent.PLH
15.4.25

herdProtect (fuzzy)
2015.7.7.5

IKARUS anti.virus
PUA.Qjwmonkey
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.202.15470

Malwarebytes
PUP.Optional.Chad
v2015.04.15.03

McAfee
Artemis!91289404FFA8
5600.6808

MicroWorld eScan
Adware.Agent.PLH
16.0.0.315

Reason Heuristics
PUP.RuifengNetworkTechnologyCo
15.4.24.0

Sophos
Ruifeng
4.98

Trend Micro House Call
Suspicious_GEN.F47V0401
7.2.92

VIPRE Antivirus
Adware Trojan.Win32.Generic
38838

File size:
675.3 KB (691,456 bytes)

Product version:
6.0.3.9

Original file name:
Downloader

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\download

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/14/2015 9:05:07 AM

Valid to:
1/14/2016 9:05:07 AM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
3/28/2015 1:42:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:OzAhsY9teZqEmqSHPr6h4jAzJGXCx3eK4jy1aHK:Ok3yZpmdHPc6AFGyxf6y1aq

Entry address:
0x156EB

Entry point:
E8, C9, 92, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B8, 9C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 8A, 43, 00, 01, 0F, 82, A8, 94, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 

Entropy:
7.1149

Code size:
168.5 KB (172,544 bytes)
