g6psnzxtvn.exe

3589_exp_oursurfing

Taiming Li

The application g6psnzxtvn.exe by Taiming Li has been detected as adware by 17 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
768  (signed by Taiming Li)

Product:
3589_exp_oursurfing

Description:
768

Version:
6,3,7601,2068

MD5:
09f502f657585a6f857903efd7820239

SHA-1:
d724c0782cb4a3426d750b8c078092b2d11d53aa

SHA-256:
ae93869498221ac0233df434f1ec29c5dd63cc6101777e43b1283e56e7163164

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
12/26/2024 1:39:39 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
avast! | Win32:WrongInf-A [Susp] | 2014.9-150807
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.1559
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | W32.Sality-56 | 0.98/21511
Comodo Security | Win32.Kashu.B | 22000
Dr.Web | Adware.Mutabaha.359 | 9.0.1.05190
ESET NOD32 | Win32/ELEX.DY potentially unwanted (variant) | 9.11722
herdProtect (fuzzy) | | 2015.8.7.11
IKARUS anti.virus | Trojan.Win32.Genome | t3scan.1.8.9.0
K7 AntiVirus | Adware | 13.204.16108
Malwarebytes | PUP.Optional.OurSeaching.A | v2015.05.09.08
NANO AntiVirus | Virus.Win32.Sality.bgiylc | 0.30.24.1357
Quick Heal | PUA.MSJDGBTIR.OD6 | 5.15.14.00
Reason Heuristics | PUP.Ma Lin.TaimingLi | 15.5.9.19
Sophos | Elex | 4.98
VIPRE Antivirus | Threat.4655019 | 39486

File size:
472.5 KB (483,808 bytes)

Product version:
6,3,7601,2068

Copyright:
mysl

Original file name:
768

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\g6psnzxtvn.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/8/2014 3:00:00 AM

Valid to:
12/16/2015 3:00:00 AM

Subject:
CN=Taiming Li, O=Taiming Li, L=Shennongjia, S=Hubei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07285DD3D7C717F258A4296418AE255F

File PE Metadata
Compilation timestamp:
3/27/2015 1:00:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:3ICUcYNzj0jO2WMux0Y7XZir3RYA2vfPW17aTBFZMf1sJCqmJ:l2/fXC2Jir3Klvf47aTfZMfamJ

Entry address:
0x1F7DC

Entry point:
E8, 94, 6F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B4, BB, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B4, BB, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85...
 

Code size:
335.5 KB (343,552 bytes)
