feb26_cor_do-search.exe

2764_cor_do-search

Fuyuan Zhou

The application feb26_cor_do-search.exe by Fuyuan Zhou has been detected as adware by 13 anti-malware scanners.
Publisher:
Spy File union  (signed by Fuyuan Zhou)

Product:
2764_cor_do-search

Description:
Spy File union

Version:
6.4.7602.1004

MD5:
145c2863980bb5af5145068c048199ee

SHA-1:
8370902c1a2c0dec3b86bd8aa5173eb5f7474c2c

SHA-256:
54acfc7ae46b1588fdaff19ebe5f9fb2abb3b45a5dfcb23053e222ecdffe2ed8

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 11:58:35 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Elex.1
5741931

Arcabit
Application.Elex.1
1.0.0.425

AVG
Generic
2016.0.3082

Bitdefender
Gen:Application.Elex.1
1.0.20.805

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.258
9.0.1.05190

Emsisoft Anti-Malware
Gen:Application.Elex
10.0.0.5366

ESET NOD32
Win32/ELEX.EC potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Application.Elex.1
5.14.151

G Data
Gen:Application.Elex
15.6.25

MicroWorld eScan
Gen:Application.Elex.1
16.0.0.483

Norman
Gen:Application.Elex.1
02.06.2015 14:23:46

Reason Heuristics
PUP.FuyuanZhou
15.6.10.15

File size:
308.6 KB (316,000 bytes)

Product version:
6.4.7602.1004

Copyright:
Spy File union

Original file name:
SpyFile.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\av check\elex old exe\feb26_cor_do-search.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 2:00:00 AM

Valid to:
1/20/2016 2:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B378A1487E66949A44C8CAE23820481

File PE Metadata
Compilation timestamp:
2/4/2015 10:24:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:u272p1130LudDAOLCdJOmdYRa6XCRsz9tWN5oZXCAf7:u2Sp/0LudJLedG5CRszvTf7

Entry address:
0x17336

Entry point:
E8, 90, BD, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 6C, 2D, 44, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, D8, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 6C, 2D, 44, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Entropy:
5.8705

Code size:
189.5 KB (194,048 bytes)

Remove feb26_cor_do-search.exe - Powered by Reason Core Security