elextech_setup.exe

1053_ium_istartsurf

Liyan Liu

The application elextech_setup.exe by Liyan Liu has been detected as adware by 14 anti-malware scanners. It is an adware bundler (also known as ElexNetDownload) that adds unwanted third-party offers to the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to present to the user, based on the software already installed and the user's location. It is also typically executed from the user's temporary directory.
Publisher:
File Syn (signed by Liyan Liu)

Product:
1053_ium_istartsurf

Description:
FileWork

Version:
6.1.7601.675

MD5:
c3b12c4fb313067590b089cb3610f46a

SHA-1:
152e7d2c1d7bda2f9476f09c6041c0deb0415849

SHA-256:
29a066c8f3cd0d9552aecc614223f309d78b1d6ca6ab138b8ef9999e03d564aa

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
12/25/2024 1:55:18 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.08.23

AVG
Generic
2015.0.3360

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.1496

Dr.Web
Adware.Mutabaha.67
9.0.1.0249

ESET NOD32
Win32/ELEX.AT (variant)
8.10300

Malwarebytes
PUP.Optional.SearchHijacker.A
v2014.09.06.05

McAfee
Downloader-FAGU!C3B12C4FB313
5600.7016

NANO AntiVirus
Riskware.Win32.Mutabaha.deayba
0.28.2.61721

Panda Antivirus
Trj/Genetic.gen
14.09.06.05

Reason Heuristics
PUP.Installer.LiyanLiu.O
14.9.6.5

Rising Antivirus
PE:Worm.Rebhip!1.64F0
23.00.65.14904

SUPERAntiSpyware
Trojan.Agent/Gen-Rebhip
10377

VIPRE Antivirus
Elex Installer
32462

File size:
774.9 KB (793,472 bytes)

Product version:
6.1.7601.675

Copyright:
SynWork

Original file name:
SynWork.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\elextech_setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 1:00:00 AM

Valid to:
7/27/2015 1:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06A374858107D7F624D3CC328C92248A

File PE Metadata
Compilation timestamp:
8/1/2014 10:33:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:eb0KHeJtitW9ANYOVlxCiaqdxPATOuhtuge:K01JtOxlwAmT5vuge

Entry address:
0x3E9EF

Entry point:
E8, 7E, 07, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 1C, 0F, 4B, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 18, E1, 4A, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 1C, 0F, 4B, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00...

Entropy:
6.4220

Code size:
564.5 KB (578,048 bytes)
