istartsurf.exe

3198_pcs_istartsurf

Xiaoqing Liu

The application istartsurf.exe by Xiaoqing Liu has been detected as adware by 13 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
ogu (signed by Xiaoqing Liu)

Product:
3198_pcs_istartsurf

Description:
ogu

Version:
6,3,7601,2017

MD5:
349860beb9045c163373e9e196651708

SHA-1:
1e85cafbf4df3904983227b58c91146e3736ffab

SHA-256:
349205b23ae4ad73a0171ad0f4f43bcb26a26c544d3b87b70624e309b528cce6

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 6:06:28 AM UTC

Scan engine             Detection                                        Engine version
avast!                  Win32:Evo-gen [Susp]                             2014.9-150430
AVG                     Potentially harmful program Downloader           2016.0.3124
Baidu Antivirus         PUA.Win32.ELEX                                   4.0.3.15430
Dr.Web                  Adware.Mutabaha.228, Adware.Mutabaha.190         9.0.1.0120
ESET NOD32              Win32/ELEX.CE potentially unwanted application   9.7.0.302.0
herdProtect (fuzzy)                                                      2015.7.30.4
K7 AntiVirus            Trojan                                           13.201.15304
Malwarebytes            PUP.Optional.IStartSurf.A                        v2015.04.30.07
McAfee                  Program.Artemis!349860BEB904                     5600.6780
Reason Heuristics       PUP.Li Mo.XiaoqingLiu                            15.4.30.7
Sophos                  PUA 'Elex' (of type Adware)                      5.13
Trend Micro House Call  Suspicious_GEN.F47V0318                          7.2.120
VIPRE Antivirus         Threat.4726263                                   38050

File size:
179.4 KB (183,752 bytes)

Product version:
6,3,7601,2017

Copyright:
ocjs

Original file name:
ogu

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\istartsurf.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/13/2014 8:00:00 AM

Valid to:
8/17/2015 8:00:00 PM

Subject:
CN=Xiaoqing Liu, O=Xiaoqing Liu, L=Zaozhuang, S=Shandong, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0EBAB4AC38B70A33EE517D238BDE49D7

File PE Metadata
Compilation timestamp:
3/16/2015 4:04:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:cxy0k7iy0KLwD2DvG6Bo0p3LsZ/pABZ+phU9Xx6W8G5ZY:cxk7iy0fKzGCvhIpABZWmpn5ZY

Entry address:
0x106D6

Entry point:
E8, C7, 62, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 74, 76, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, C8, 50, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 74, 76, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...

Entropy:
6.0101

Code size:
104 KB (106,496 bytes)
