hack 2 adf.ly.exe

流量精灵

Rice Electronics Co.,Ltd

The application hack 2 adf.ly.exe by Rice Electronics Co.,Ltd has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download661.mediafire.com and multiple other hosts. While running, it connects to the Internet address li1498-22.members.linode.com on port 443.
Publisher:
精灵软件  (signed by Rice Electronics Co.,Ltd)

Product:
流量精灵

Version:
2012.9.23.94

MD5:
7366655d3a75d068061ed2985bfee017

SHA-1:
0a2be2793d35ff7225093ff5c60379a7a3332612

SHA-256:
b6e8a521bad297f87eddfc1d9f30e09cf25c996453a41510700a3cad1542c89e

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:27:51 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.341271 | 667
Agnitum Outpost | Adware.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.Clicker | 2015.04.08
Avira AntiVirus | ADWARE/Agent.YXT.2 | 3.6.1.96
Bitdefender | Adware.Generic.341271 | 1.0.20.495
Comodo Security | Heur.Suspicious | 21687
Dr.Web | Trojan.DownLoader9.16155 | 9.0.1.099
Emsisoft Anti-Malware | Adware.Generic.341271 | 8.15.04.09.06
ESET NOD32 | Win32/FlowSpirit potentially unsafe | 9.11440
Fortinet FortiGate | Adware/Agent | 4/9/2015
F-Secure | Adware.Generic.341271 | 11.2015-09-04_5
G Data | Adware.Generic.341271 | 15.4.25
K7 AntiVirus | Trojan | 13.202.15516
McAfee | Artemis!7366655D3A75 | 5600.6801
MicroWorld eScan | Adware.Generic.341271 | 16.0.0.297
NANO AntiVirus | Trojan.Win32.Parite.bdaxcz | 0.30.10.952
nProtect | Trojan-Clicker/W32.Agent.639920 | 15.04.07.01
Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015
Sophos | Generic PUA AK | 4.98
Trend Micro House Call | TROJ_GEN.R0C1C0OK214 | 7.2.99
Trend Micro | TROJ_GEN.R0C1C0OK214 | 10.465.09
Vba32 AntiVirus | AdWare.Agent | 3.12.26.3
ViRobot | Trojan.Win32.S.Clicker.639920[h] | 2014.3.20.0
Zillya! Antivirus | Adware.Agent.Win32.6481 | 2.0.0.2130

File size:
624.9 KB (639,920 bytes)

Product version:
3.4.6.1

Copyright:
Copyright 2012 Spiritsoft All Rights Reserved.

Original file name:
jingling.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/3/2011 7:30:00 PM

Valid to:
11/3/2012 7:29:59 PM

Subject:
CN="Rice Electronics Co.,Ltd", OU=VTN Support, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Rice Electronics Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AFDF409C5B747EF1F1BA5905A0DD798

File PE Metadata
Compilation timestamp:
9/22/2012 4:24:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:Dn0dkroR7YWH4M0KLzYUdSqjXuFgEukbN2hfKPHCiv/GTBS9VmRMVGkfMrw:Dn0nYWHLl/HNjlk+6Civ/GTc9F0c

Entry address:
0x49DF8

Entry point:
E8, 0C, BC, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1...

Code size:
423.5 KB (433,664 bytes)

The file hack 2 adf.ly.exe has been seen being distributed by the following 3 URLs.

http://download661.mediafire.com/fdz5pdw9860g/.../hack de adf.ly.exe

http://download2031.mediafire.com/hm29m8l47ylg/.../hack de adf.ly.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to v133-130-91-14.a020.g.tyo1.static.cnode.io  (133.130.91.14:80)

TCP (HTTP):
Connects to 203.130.60.49-BJ-CNC  (203.130.60.49:80)

TCP (HTTP):
Connects to IZU17D6GWZOZ  (47.88.22.102:80)

TCP (HTTP):
Connects to ip-107-180-4-95.ip.secureserver.net  (107.180.4.95:80)

TCP (HTTP SSL):
Connects to as1-do-spr.gitbook.me  (128.199.158.79:443)

TCP (HTTP):
Connects to a2-16-4-154.deploy.akamaitechnologies.com  (2.16.4.154:80)

TCP (HTTP SSL):
Connects to server-54-192-201-67.fra50.r.cloudfront.net  (54.192.201.67:443)

TCP (HTTP SSL):
Connects to a2-16-31-65.deploy.akamaitechnologies.com  (2.16.31.65:443)

TCP (HTTP SSL):
Connects to a172-227-15-146.deploy.static.akamaitechnologies.com  (172.227.15.146:443)

TCP (HTTP):
Connects to 203.130.62.20-BJ-CNC  (203.130.62.20:80)

TCP (HTTP):
Connects to 203.130.61.92-BJ-CNC  (203.130.61.92:80)

TCP (HTTP):
Connects to 203.130.60.50-BJ-CNC  (203.130.60.50:80)

TCP (HTTP SSL):
Connects to server-52-85-59-67.lhr50.r.cloudfront.net  (52.85.59.67:443)

TCP (HTTP SSL):
Connects to ec2-52-213-54-21.eu-west-1.compute.amazonaws.com  (52.213.54.21:443)

TCP (HTTP SSL):
Connects to dg-in-f95.1e100.net  (209.85.202.95:443)

TCP (HTTP SSL):
Connects to a72-247-92-74.deploy.akamaitechnologies.com  (72.247.92.74:443)

Remove hack 2 adf.ly.exe - Powered by Reason Core Security