lly1_istartsurf.exe

4960_tug1_istartsurf

Minidigital Technology Co., Limited

The application lly1_istartsurf.exe, published by Minidigital Technology Co., Limited, has been detected as adware by 8 of the 68 anti-malware scanners used in this analysis. It is a setup and installation program (original file name Installer.exe) that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net. It carries a valid GlobalSign code-signing signature; a valid signature identifies the publisher but does not indicate that the software is wanted or safe.
Publisher:
Minidigital Technology Co., Limited  (signed and verified)

Product:
4960_tug1_istartsurf

Description:
Installer Module

Version:
1.0.0.2

MD5:
c94deed46e4a57dbb30afa4e80dd3bc7

SHA-1:
e6f218d5c82bc3394e0ffe8db85175cdb9346f49

SHA-256:
a9c55dbf3f1acd36cf86edd574ac81175d9040333b37f055f7e5d58049b9f705

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/25/2024 8:09:59 AM UTC

Scan engine         Detection                                               Engine version
avast!              Win32:Adware-gen [Adw]                                  2014.9-151022
Baidu Antivirus     Adware.Win32.ELEX                                       4.0.3.151022
Dr.Web              Adware.Mutabaha.704                                     9.0.1.0295
ESET NOD32          Win32/ELEX.FK potentially unwanted (variant)            9.12441
F-Secure            Gen:Variant.Application.Jatif                           11.2015-24-10_7
Malwarebytes        PUP.Optional.IStartSurf.ShrtCln                         v2015.10.22.08
Reason Heuristics   PUP.ELEX.MinidigitalTechnologyCo.Installer (M)          15.10.22.20
VIPRE Antivirus     Minidigital Technologies                                44706

File size:
538.7 KB (551,600 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lly1_istartsurf.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/20/2015 12:35:25 AM

Valid to:
6/21/2016 4:55:40 AM

Subject:
CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219BD1163E204BF21FC46798FAB82CA248

File PE Metadata
Compilation timestamp:
10/15/2015 12:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:2OadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrVu:oEwgWCOEuvFM4+saDvXN9iPu

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Code size:
346.5 KB (354,816 bytes)
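The hashes, size and PE header fields above are the values an analyst checks first when a file with this name turns up in a temp directory. The following script, an added example and not code from Reason Core Security or from the file's publisher, computes the same four content values (MD5, SHA-1, SHA-256, size) and reads the same PE32 header fields the record lists: compile timestamp, linker version (11.0 is the Visual Studio 2012 linker), minimum OS version (5.1 is Windows XP), subsystem, code size, entry RVA and the first bytes at the entry point (the record's E8 .. E9 .. prefix decodes to a call followed by a jmp, the usual MSVC CRT startup stub). It uses only the standard library. build_sample_pe() is a constructed, synthetic PE32 image so the script runs without the real sample; it reuses the record's first ten entry-point bytes and compile timestamp for comparison, but every other value in it is made up, and the header offsets come from the published PE32 format, not from anything recovered from lly1_istartsurf.exe.

```python
"""Offline triage helper for a Win32 PE: content hashes plus the header
fields listed in the record above. Added example, standard library only.
build_sample_pe() is a constructed synthetic image, not the real file."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicator values copied from the analysis record above.
RECORD_IOCS = {
    "md5": "c94deed46e4a57dbb30afa4e80dd3bc7",
    "sha1": "e6f218d5c82bc3394e0ffe8db85175cdb9346f49",
    "sha256": "a9c55dbf3f1acd36cf86edd574ac81175d9040333b37f055f7e5d58049b9f705",
    "size": 551600,
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 and size, the same four values the record publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def matches_record(data: bytes, iocs: dict = RECORD_IOCS) -> bool:
    """True only when size and all three digests agree; an MD5 match alone
    is not enough to call a file the catalogued sample."""
    h = file_hashes(data)
    return all(h[k] == iocs[k] for k in iocs)


def rva_to_offset(data: bytes, pe_off: int, rva: int) -> int:
    """Map an RVA to a file offset by walking the section table."""
    coff = pe_off + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first_section = coff + 20 + opt_size
    for i in range(nsections):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, first_section + 40 * i)
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes, entry_len: int = 16) -> dict:
    """Read the PE32 (32-bit) fields shown in the record. All of them are
    attacker-controlled header data: treat the timestamp and version
    numbers as claims, not facts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = pe_off + 4
    _machine, _nsec, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here (PE32+ has a different layout)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    entry_off = rva_to_offset(data, pe_off, entry_rva)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + entry_len],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (NOT the real sample). It reuses the
    record's first ten entry bytes and compile timestamp; everything else
    is made up so the parser has something to walk."""
    text_va, text_raw, text_size = 0x1000, 0x200, 0x200
    entry_rva = text_va + 0x10
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1444869541, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 11, 0, text_size, 0, 0, entry_rva,
                      text_va, 0x2000, 0x400000, 0x1000, 0x200)
    opt += struct.pack("<HHHHHHIIIIHH", 5, 1, 0, 0, 5, 1, 0, 0x2000, 0x200, 0, 2, 0)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                               # 16 empty data directories
    section = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_va,
                          text_size, text_raw, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(text_raw, b"\0")
    text = (b"\xCC" * 0x10 + bytes.fromhex("E8C7AD0000E939FEFFFF")).ljust(text_size, b"\xCC")
    return headers + text


def triage(data: bytes) -> dict:
    """Everything a first-pass analyst note needs, in one dict."""
    return {**file_hashes(data), **parse_pe(data), "matches_record": matches_record(data)}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key:>15}: {value.hex(' ').upper() if isinstance(value, bytes) else value}")
```

Run it with a path to a suspect file to get the hash-and-header summary, or with no argument to see it parse the synthetic image. The record's own values are only a match when size and all three digests agree; the PE header fields are useful for comparison but are set by whoever built the file, so they corroborate rather than prove anything.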

Distribution source (domain only):
d2drfrdurj6mvo.cloudfront.net

Remove lly1_istartsurf.exe - Powered by Reason Core Security