lly1_istartsurf.exe

4869_tug1_istartsurf

Yuxin WANG

The application lly1_istartsurf.exe by Yuxin WANG has been detected as adware by 8 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.

Publisher:
Yuxin WANG  (signed and verified)

Product:
4869_tug1_istartsurf

Description:
Installer Module

Version:
1, 0, 0, 1

MD5:
c9efbbd1b8d13933f5f1d475887dc4ee

SHA-1:
52b0d313cc80595c0b7624985ab34e5ac840438f

SHA-256:
a1bdbd638d0f8912055f302428e0a8b65a2ebd6c5381d2553dfde027dca2d544

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/25/2024 7:05:43 PM UTC

Scan engine                   | Detection                                      | Engine version
------------------------------|------------------------------------------------|----------------
Baidu Antivirus               | Adware.Win32.ELEX                              | 4.0.3.151018
Dr.Web                        | Adware.Mutabaha.775                            | 9.0.1.0291
ESET NOD32                    | Win32/ELEX.FK potentially unwanted (variant)   | 9.12406
IKARUS anti.virus             | BHO.Win32.SupTab                               | t3scan.1.9.5.0
K7 AntiVirus                  | Riskware                                       | 13.210.17534
Malwarebytes                  | PUP.Optional.IStartSurf.ShrtCln                | v2015.10.18.08
Microsoft Security Essentials | BrowserModifier:Win32/SupTab                   | 1.1.12101.0
Reason Heuristics             | PUP.ELEX.YuxinWANG.Installer (M)               | 15.10.18.8

File size:
536.2 KB (549,112 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lly1_istartsurf.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/13/2015 2:00:00 AM

Valid to:
8/13/2017 1:59:59 AM

Subject:
CN=Yuxin WANG, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4EE38325A72CE30E8DD31011628FCDB3

File PE Metadata
Compilation timestamp:
9/11/2015 11:27:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:9TwsAln1giCPA6W8XHFlrZtTVq2QBOiVuAC91hrrrrI3:pDbPW+pZtYlBOigAC91+3

Entry address:
0x2E557

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Code size:
344 KB (352,256 bytes)

The file lly1_istartsurf.exe has been seen being distributed by the following URL.

Remove lly1_istartsurf.exe - Powered by Reason Core Security