» lly_istartsurf.exe
Overview
Analysis
File Details
Downloads (2)

lly_istartsurf.exe

1255_tugs_istartsurf

Li Mo

The application lly_istartsurf.exe by Li Mo has been detected as adware by 8 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.girllumin.com and multiple other hosts.

File name:

lly_istartsurf.exe

Publisher:

File Syn (signed by Li Mo)

Product:

1255_tugs_istartsurf

Description:

FileWork

Version:

6.1.7602.748

MD5:

cad5eb694556023347f762128580ac04

SHA-1:

b737b3143b5bb939c7f8087d30b84d45a697edfb

SHA-256:

1d22c79a39a882b7dcc88b88d4a7369235277dde2f7bcc187adc61d381be8566

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

11/23/2024 11:36:01 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Mutabaha

7.1.1

AhnLab V3 Security

PUP/Win32.Downloader

2014.09.01

Dr.Web

Adware.Mutabaha.70

9.0.1.05190

Malwarebytes

PUP.Optional.SearchHijacker.A

v2014.08.31.07

McAfee

Artemis!68E4FBAA32C6

5600.7011

Qihoo 360 Security

Malware.QVM06.Gen

1.0.0.1015

Reason Heuristics

PUP.LiMo.O

14.9.11.21

Trend Micro House Call

Suspicious_GEN.F47V0820

7.2.254

File size:

650.4 KB (665,976 bytes)

Product version:

6.1.7602.748

SynWork

Original file name:

SynWork.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\lly_istartsurf.exe

Digital Signature

Signed by:

Li Mo

Authority:

DigiCert Inc

Valid from:

8/4/2014 2:00:00 AM

Valid to:

8/12/2015 2:00:00 PM

Subject:

CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F53999A8B9372F6AAC4844D7A5BE2CE

File PE Metadata

Compilation timestamp:

8/15/2014 7:47:17 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:DDBDrRvl1ExbmotxmBEQwHEv8R0xOI4Hyrspx/quh:DlHZLEx1txmeC74+Q/quh

Entry address:

0x2EF3F

Entry point:

E8, 3D, E9, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B4, 21, 49, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, F8, 48, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B4, 21, 49, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00... 
[+]

Code size:

481.5 KB (493,056 bytes)

The file lly_istartsurf.exe has been seen being distributed by the following 2 URLs.

http://www.girllumin.com/.../lly_istartsurf.exe

http://www.girlyaoyao.com/.../lly_istartsurf.exe

Remove lly_istartsurf.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.