jan7_corfr_sweet-page.exe

2463_corfr_sweet-page

Ma Lin

The application jan7_corfr_sweet-page.exe by Ma Lin has been detected as adware by 17 anti-malware scanners.
Publisher:
Spy File union  (signed by Ma Lin)

Product:
2463_corfr_sweet-page

Description:
Spy File union

Version:
6.4.7602.1002

MD5:
bca9f06a890b12b2c73b16e95794b1cd

SHA-1:
2b44bf30f904b8e71986fc3eac0b3bca95fe0c36

SHA-256:
eb6bcde1c6a8d53d18f647123b4c1282accf16cdb567c26c419c6f8479de4fae

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
12/24/2024 4:16:22 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Elex.1
5736492

Agnitum Outpost
Riskware.Agent
7.1.1

Arcabit
Application.Elex.1
1.0.0.425

AVG
Generic
2016.0.3082

Bitdefender
Gen:Application.Elex.1
1.0.20.805

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.288
9.0.1.0166

Emsisoft Anti-Malware
Gen:Application.Elex
10.0.0.5366

ESET NOD32
Win32/ELEX.EC potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Application.Elex.1
5.14.151

G Data
Gen:Application.Elex
15.6.25

K7 AntiVirus
Adware
13.204.16199

Malwarebytes
PUP.Optional.KeyFind.A
v2015.06.15.05

MicroWorld eScan
Gen:Application.Elex.1
16.0.0.483

Norman
Gen:Application.Elex.1
02.06.2015 14:23:46

Reason Heuristics
PUP.MaLin
15.6.10.15

VIPRE Antivirus
Trojan.Win32.Generic
40234

File size:
298 KB (305,192 bytes)

Product version:
6.4.7602.1002

Copyright:
Spy File union

Original file name:
SpyFile.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\av check\elex old exe\jan7_corfr_sweet-page.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
1/5/2015 10:50:44 AM

Valid to:
8/5/2015 11:50:44 AM

Subject:
CN=Ma Lin, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
1972DAA9B51FE3DDD85BAF2096319CF6

File PE Metadata
Compilation timestamp:
1/4/2015 8:48:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:s/0SC1S3SLrvAXnpxpgtgCbn++6dHdUDxYH+Zo:s/0l6F1wgSf6Fko

Entry address:
0x1541D

Entry point:
E8, C4, A5, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 50, C5, 43, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, B7, 2C, 00, 00, 59, FF, 34, F5, 50, C5, 43, 00, FF, 15, F0, C0, 42, 00, 5E, 5D, C3, 56, 57, BE, 50, C5, 43, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, F8, C0, 42, 00, 53, E8, 86, AD, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, 70, C6, 43, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 
[+]

Entropy:
5.7560

Code size:
171 KB (175,104 bytes)

Remove jan7_corfr_sweet-page.exe - Powered by Reason Core Security