lly_omiga-plus.exe

1788_tugs_omiga-plus

Ma Lin

The application lly_omiga-plus.exe by Ma Lin has been detected as adware by 16 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are selected based on the PC's geo-location at the time of install. The file is also typically executed from the user's temporary directory. It has been seen being downloaded from www.girlliuxiaoqing.com and multiple other hosts.
Publisher:
One Syn  (signed by Ma Lin)

Product:
1788_tugs_omiga-plus

Description:
Syn worker

Version:
6.3.7601.1094

MD5:
331b97d75add85c0359045b6addf48d7

SHA-1:
6430531f58d0b007ca1494e4014d56daa3bda16a

SHA-256:
7ebdb46b90ca02cc8350b9206da785b7cef5114fdf0ba92a95a1a77bb0f0d730

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/27/2024 3:16:35 AM UTC

Scan engine           Detection                        Engine version
Agnitum Outpost       Riskware.Agent                   7.1.1
AhnLab V3 Security    PUP/Win32.Amonetize              2014.11.03
Avira AntiVirus       ADWARE/Adware.Gen                7.11.185.112
AVG                   Malin                            2015.0.3285
Baidu Antivirus       PUA.Win32.LiMo                   4.0.3.14114
Dr.Web                Adware.Mutabaha.83               9.0.1.0324
ESET NOD32            Win32/LiMo (variant)             8.10662
Fortinet FortiGate    Riskware/Elex                    11/20/2014
IKARUS anti.virus     PUA.SafeSurf                     t3scan.1.8.3.0
K7 AntiVirus          Trojan                           13.185.14007
Malwarebytes          PUP.Optional.Bundle              v2014.11.20.01
McAfee                Artemis!2D79E522A869             5600.6941
NANO AntiVirus        Riskware.Win32.Mutabaha.diqyjk   0.28.6.63362
Qihoo 360 Security    Malware.QVM10.Gen                1.0.0.1015
Reason Heuristics     PUP.MaLin.O                      14.11.4.2
Sophos                Generic PUA IN                   4.98

File size:
563.1 KB (576,592 bytes)

Product version:
6.3.7601.1094

Copyright:
One Syn

Original file name:
Worker.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lly_omiga-plus.exe

Digital Signature
Signed by:
Ma Lin

Authority:
WoSign CA Limited

Valid from:
8/20/2014 4:22:46 AM

Valid to:
7/20/2015 4:22:46 AM

Subject:
CN=Ma Lin, E=chloezhangling@163.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
760E23ABF26CF75AE5C944881CCA6DA7

File PE Metadata
Compilation timestamp:
10/21/2014 4:39:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Mg1gOyAI8OK+Df23syHi3HeHNu/SXATpPTOZZNVGP6:V1HyUqet6SwNTiZNVGy

Entry address:
0x3FBA5

Entry point:
E8, 56, 04, 01, 00, E9, 7F, FE, FF, FF, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 98, 26, 48, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 18, 72, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 98, 26, 48, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00...

Entropy:
6.1350

Code size:
380.5 KB (389,632 bytes)

The file lly_omiga-plus.exe has been seen being distributed by the following 2 URLs.
