jk229_xx_ld.exe

经络养身坊

湖南蓝途方鼎科技有限公司

The application jk229_xx_ld.exe by 湖南蓝途方鼎科技有限公司 has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from yang.024st.com.
Publisher:
湖南蓝途方鼎科技有限公司  (signed and verified)

Product:
经络养身坊

Description:
经络养身坊 安装应用程序

Version:
1, 0, 0, 3

MD5:
daece3b2eaa23d78254a24db791149a3

SHA-1:
cccb8ea99a81c7ceded8d3b2e7ecd08343749be1

SHA-256:
b1c157d747d0fa3c19418ea015e6e0fcabfa5316ff2ead71867d48ac4f19bec6

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:23:08 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Uds.Dangerousobject.Multi!c
2.1.4+

avast!
Win32:Adware-gen [Adw]
2014.9-160528

Dr.Web
Adware.Weiduan.11
9.0.1.0149

ESET NOD32
Win32/Kuping.K potentially unwanted (variant)
10.13548

Fortinet FortiGate
Riskware/Kuping
5/28/2016

G Data
Win32.Application.Agent.FUCBQF
16.5.25

IKARUS anti.virus
PUA.Kuping
t3scan.2.0.9.0

K7 AntiVirus
Adware
13.226.19713

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.144

McAfee
Artemis!DAECE3B2EAA2
5600.6386

Rising Antivirus
PUA.Kuping!8.EB-gxb43op6wgT (Cloud)
23.00.65.16526

File size:
1.1 MB (1,144,552 bytes)

Product version:
1, 0, 0, 3

Copyright:
版权所有 (C) 2016

Original file name:
HouseYangShen.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\jk229_xx_ld.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/2/2015 8:00:00 AM

Valid to:
5/2/2016 7:59:59 AM

Subject:
CN=湖南蓝途方鼎科技有限公司, O=湖南蓝途方鼎科技有限公司, L=长沙市, S=湖南省, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AC01DE88063BADB080008853FDD8C6C

File PE Metadata
Compilation timestamp:
5/20/2016 3:03:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:OWztT7IHxKhvFTFsOyQpaJw/YoCKL80Z4FkMcUzI:FT0HCT+fw/YoCK43F+L

Entry address:
0x4F60

Entry point:
55, 8B, EC, 6A, FF, 68, 00, FD, 40, 00, 68, EC, 50, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 98, F3, 40, 00, 59, 83, 0D, CC, 69, 41, 00, FF, 83, 0D, D0, 69, 41, 00, FF, FF, 15, 94, F3, 40, 00, 8B, 0D, 58, 65, 41, 00, 89, 08, FF, 15, 90, F3, 40, 00, 8B, 0D, 54, 65, 41, 00, 89, 08, A1, 8C, F3, 40, 00, 8B, 00, A3, C8, 69, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 88, 61, 41, 00, 75, 0C, 68, E8, 50, 40, 00, FF, 15, 88, F3...
 
[+]

Entropy:
7.8227

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
56 KB (57,344 bytes)

The file jk229_xx_ld.exe has been seen being distributed by the following URL.

Remove jk229_xx_ld.exe - Powered by Reason Core Security