eInstall.exe

Desk 365

337 Technology Limited

The application eInstall.exe, “Desk 365 installer” by 337 Technology Limited, has been detected as adware by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address a9.a2.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

Publisher:
337 Technology Limited. (signed by 337 Technology Limited)

Product:
Desk 365

Description:
Desk 365 installer

Version:
1.15.13.8438

MD5:
7fb450b52a852b7abdd6de9eb3ba70de

SHA-1:
04b4bb42a9fb0643af22dcd8e1e4f6b4b013e552

SHA-256:
98b40e76e91e4b1b36815096522af22d6d26165a283c6f1a47c477349ea41c0e

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/30/2024 11:10:05 AM UTC

Scan engine             Detection                              Engine version
Bkav FE                 W32.Clod8fa.Trojan                     1.3.0.4415
Boost by Reason         Optional.337TechnologyLimited.I        188838
Comodo Security         ApplicUnwnt                            17255
IKARUS anti.virus       not-a-virus:AdWare.Win32.D365          t3scan.2.2.29
Kaspersky               not-a-virus:AdWare.Win32.D365          14.0.0.4052
Malwarebytes            PUP.Optional.Desk365.A                 v2014.04.07.01
Reason Heuristics       PUP.Installer.337TechnologyLimited.I   14.8.7.20
Trend Micro House Call  TROJ_GEN.F47V0904                      7.2.97
Vba32 AntiVirus         AdWare.D365                            3.12.24.3

File size:
1.5 MB (1,591,856 bytes)

Product version:
1.15.13.8438

Copyright:
Copyright (C) 2012

Original file name:
eInstall.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\desk365\einstall\einstall.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 11:04:18 AM

Valid to:
6/26/2015 11:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
3/20/2014 2:35:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:F6NOYZfvig3V21emjQO0fROXuHXKVehUZrpma3kzxTLX5GM:5Wfv73I1e+rpmfTLX5GM

Entry address:
0xCB93F

Entry point:
E8, AE, A2, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00, 01, 01, 81, 75, 1C, 25...

Code size:
1010 KB (1,034,240 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a9.a2.a86c.ip4.static.sl-reverse.com  (108.168.162.169:80)

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)

Remove eInstall.exe - Powered by Reason Core Security