lly1_istartsurf.exe

4960_tug1_istartsurf

Giner Tech Inc

The installer lly1_istartsurf.exe, published by Giner Tech Inc, is flagged as adware by 1 of 68 scanners (Reason Core Security's own heuristic, as PUP.Thinknice.GinerTech.Installer); the single detection is a strong indication that the file is a potential threat. It is a setup and installation module known to bundle potentially unwanted software, it is typically run from a randomly named .tmp folder under the user's temporary directory, and it has been seen downloaded from d2drfrdurj6mvo.cloudfront.net. The file carries a valid Authenticode signature from Giner Tech Inc issued by GlobalSign, but the certificate was valid for only about six weeks (10/19/2015 to 12/2/2015), so a verified signature on its own is not evidence that the installer is benign.
Publisher:
Giner Tech Inc  (signed and verified)

Product:
4960_tug1_istartsurf

Description:
Installer Module

Version:
1.0.0.2

MD5:
d6f9cd4ab10bacf62d63214b8be3b825

SHA-1:
904102876c57198250aa840ec901ffc4bafc452c

SHA-256:
54ba9ee25c2827e5a8d5b3f3f2dda1d8e128394b3fcc34710368115950a00712

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detect this file; the single detection reported above is Reason Core Security's own heuristic, which classifies the file as unwanted.

Analysis date:
12/25/2024 8:06:19 PM UTC

Scan engine         Detection                               Engine version
Reason Heuristics   PUP.Thinknice.GinerTech.Installer (M)   16.1.17.16

File size:
538.6 KB (551,560 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lly1_istartsurf.exe

Digital Signature
Signed by:
Giner Tech Inc
Authority:
GlobalSign nv-sa

Valid from:
10/19/2015 5:31:10 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112106B3EDF5DE21FE5DD0E0F44EB00F51DB

File PE Metadata
Compilation timestamp:
10/15/2015 7:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:IOadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrryY:WEwgWCOEuvFM4+saDvXN9ioY

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Code size:
346.5 KB (354,816 bytes)
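The PE metadata above (compilation timestamp, OS version, subsystem, linker version, entry address, code size) is read straight from the COFF and PE32 optional headers, and it is worth re-deriving those fields yourself rather than trusting a report, not least because the timestamp is set by the linker and is trivially forged. The following Python script is an added example, not code from the original page or from Reason Core Security. It uses only the standard library; `build_constructed_pe` assembles a constructed, header-only PE32 image carrying the values listed on the page so the parser can be exercised offline (it is not the real installer, and the section and image-base values it uses are placeholders).

```python
"""Added example (not from the page or its publisher): read the PE header
fields listed above (compile timestamp, target OS version, subsystem, linker
version, entry address, code size) with the standard library only."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
PE32_MAGIC = 0x10B                  # 32-bit optional header; 0x20B would be PE32+
MACHINES = {0x14C: "x86 (Win32)", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# PE32 optional-header layout up to and including DllCharacteristics: 72 bytes.
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"


def is_pe(data):
    """Signature and bounds check that returns a bool instead of raising."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def parse_pe_header(data):
    """Parse the COFF header and the PE32 optional header of an image."""
    if len(data) < 64 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    need = struct.calcsize(OPT_FMT)
    if opt_size < need or opt + need > len(data):
        raise ValueError("optional header truncated")
    f = struct.unpack_from(OPT_FMT, data, opt)
    if f[0] != PE32_MAGIC:
        raise ValueError("not a PE32 (32-bit) image: magic 0x%X" % f[0])
    return {
        "machine": MACHINES.get(machine, "0x%X" % machine),
        "sections": nsections,
        # Written by the linker and trivially forgeable; 0 or a future date is a red flag.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": "%d.%d" % (f[1], f[2]),
        "size_of_code": f[3],
        "entry_address": f[6],           # RVA of the entry point
        "image_base": f[9],
        "os_version": "%d.%d" % (f[12], f[13]),
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
    }


def build_constructed_pe(compile_time=datetime(2015, 10, 15, 7, 39, 1, tzinfo=timezone.utc),
                         entry=0x2EF57, size_of_code=354_816):
    """Constructed header-only PE32 image carrying the values the page lists,
    so the parser can be exercised offline. It is not the real installer;
    section count, image base and alignments are placeholders."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 60, 64)                    # e_lfanew: NT headers follow the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(compile_time.timestamp()), 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT,
                      PE32_MAGIC, 11, 0,                    # magic, linker 11.0
                      size_of_code, 0, 0, entry, 0x1000, 0, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,                     # OS 5.1, image 0.0, subsystem 5.1
                      0, 0x60000, 0x400, 0,
                      2, 0)                                 # Windows GUI subsystem
    opt += b"\x00" * (224 - len(opt))                       # pad to SizeOfOptionalHeader
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + opt


if __name__ == "__main__":
    for k, v in parse_pe_header(build_constructed_pe()).items():
        print("%-15s %s" % (k, hex(v) if k in ("entry_address", "image_base") else v))
```

Run against the real file, `parse_pe_header(open(path, "rb").read())` should reproduce the page's values; a mismatch between the compile timestamp and the certificate's validity window, or a timestamp of zero, is the kind of discrepancy worth noting in a triage report.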

The file lly1_istartsurf.exe has been seen distributed from the following URL.

http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe
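The indicators this page lists (the three hashes, the file size, the temp-directory drop path and the CloudFront distribution host) can be turned into a reproducible host check. The following Python script is an added example, not code from the original page or from Reason Core Security. It uses only the standard library; `write_constructed_sample` writes a constructed stand-in file so the script runs offline, and that stand-in will, by design, not match the real hashes. The `alice` and `is-9F3A1.tmp` path components in the usage are made-up substitutions for the page's `{user}` and `{random}` placeholders.

```python
"""Added example (not from the page or its publisher): match a file on disk
against the indicators listed for lly1_istartsurf.exe. Standard library only."""
import hashlib
import os
import re
import tempfile
from urllib.parse import urlsplit

# Indicators copied from the page above.
KNOWN_HASHES = {
    "md5": "d6f9cd4ab10bacf62d63214b8be3b825",
    "sha1": "904102876c57198250aa840ec901ffc4bafc452c",
    "sha256": "54ba9ee25c2827e5a8d5b3f3f2dda1d8e128394b3fcc34710368115950a00712",
}
KNOWN_SIZE = 551_560                      # bytes
DISTRIBUTION_HOST = "d2drfrdurj6mvo.cloudfront.net"

# "Common path": C:\users\{user}\appdata\local\temp\{random}.tmp\lly1_istartsurf.exe
TEMP_DROP_PATH = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\lly1_istartsurf\.exe$",
    re.IGNORECASE,
)


def file_digests(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file, streamed in chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_known_sample(path, known=KNOWN_HASHES):
    """True only if every digest in `known` equals the file's digest.
    Requiring all listed algorithms means a single weak-hash collision
    (MD5 or SHA-1) is not enough to produce a false match."""
    digests = file_digests(path)
    return all(digests[name] == value.lower() for name, value in known.items())


def is_temp_drop_path(win_path):
    """True if a Windows path matches the installer's observed drop location."""
    return TEMP_DROP_PATH.match(win_path) is not None


def is_distribution_url(url):
    """True if the URL's host is the CloudFront host seen serving the file."""
    return urlsplit(url).hostname == DISTRIBUTION_HOST


def triage(path, win_path=None, known=KNOWN_HASHES):
    """Combine the checks into one verdict for a file on disk. `win_path` is
    the path the file had on the Windows host (it may differ from `path`
    when analysing a copy), so the drop-location heuristic still applies."""
    return {
        "hash_match": matches_known_sample(path, known),
        "size_match": os.path.getsize(path) == KNOWN_SIZE,
        "temp_drop_path": is_temp_drop_path(win_path) if win_path else False,
    }


def write_constructed_sample(data=b"MZ constructed stand-in, not the real installer\n"):
    """Write a constructed stand-in file for offline demonstration and return
    its path. Its digests will not match KNOWN_HASHES, which is the point."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    sample = write_constructed_sample()
    host_path = r"C:\users\alice\appdata\local\temp\is-9F3A1.tmp\lly1_istartsurf.exe"
    print(triage(sample, host_path))
    os.remove(sample)
```

A hash match is the only one of these checks that identifies this exact build; the size, path and host checks are weaker signals that also catch the next version of the installer dropped from the same location, which is why `triage` reports them separately rather than folding them into one boolean.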

Remove lly1_istartsurf.exe - Powered by Reason Core Security