echo回声辅助@34_126756.exe

downloader

Hefei Lewei Information Technology Co.,Ltd.

The application echo回声辅助@34_126756.exe by Hefei Lewei Information Technology Co.,Ltd. has been detected as a potentially unwanted program by 26 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:

Product:
downloader

Version:
1.0.3.1

MD5:
fb6999986e7eab47328c1758d531e120

SHA-1:
beba4a40bd49fb153ef154177a93bb539ca0a852

SHA-256:
18eff44981baf5386190e536ff18e8e7cc5333382c57b8bbf9b3003e84ff1b79

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:41:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.84 | 132 |
| Avira AntiVirus | APPL/Qjwmonkey.cfk | 8.3.3.4 |
| Arcabit | Trojan.Application.Bundler.84 | 1.0.0.672 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160925 |
| Baidu Antivirus | Win32.Adware.Qjwmonkey | 4.0.3.16925 |
| Bitdefender | Gen:Variant.Application.Bundler.84 | 1.0.20.1345 |
| Clam AntiVirus | Win.Trojan.Agent-1395917 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 24933 |
| Dr.Web | Adware.Qjwmonkey.66 | 9.0.1.0269 |
| ESET NOD32 | Win32/Adware.Qjwmonkey (variant) | 10.13442 |
| Fortinet FortiGate | Riskware/Qjwmonkey | 9/25/2016 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2016-25-09_1 |
| G Data | Gen:Variant.Application.Bundler.84 | 16.9.25 |
| IKARUS anti.virus | PUA.Qjwmonkey | t3scan.2.0.9.0 |
| K7 AntiVirus | Adware | 13.224.19517 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.-456 |
| McAfee | Artemis!FB6999986E7E | 5600.6266 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.84 | 17.0.0.807 |
| Panda Antivirus | Trj/CI.A | 16.09.25.03 |
| Quick Heal | AdWare.Agent.r5 (Not a Virus) | 9.16.14.00 |
| Rising Antivirus | Malware.Undefined!8.C-n12jxWSayIU (Cloud) | 23.00.65.16923 |
| Sophos | Generic PUA LO (PUA) | 4.98 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 49154 |
| ViRobot | Adware.Qjwmonkey.779864.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Adware.Qjwmonkey.Win32.133 | 2.0.0.2842 |

File size:
761.6 KB (779,864 bytes)

Product version:
1.0.3.1

Original file name:
downloader

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\echo回声辅助@34_126756.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/29/2015 2:17:37 PM

Valid to:
10/29/2016 2:17:37 PM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
4/15/2016 2:20:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:hpSuBb8SCzUNEkY4+QdBRBq8BZhR+NUNy8d3eNU:uuBgW6bQdBRBLtR+NU/d3eNU

Entry address:
0x21BCB

Entry point:
E8, C9, B0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, 05, B2, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...
 

Entropy:
6.7244

Code size:
230.5 KB (236,032 bytes)
