lly_omiga-plus.exe

608_tugs

Hefei Zhimingxingtong Software&Technology Co., Ltd.

The application lly_omiga-plus.exe by Hefei Zhimingxingtong Software&Technology Co. has been detected as a potentially unwanted program by 20 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been observed being downloaded from www.girlzhangtianjiao.com.
Publisher:
Hefei Zhimingxingtong Software&Technology Co., Ltd.
Product:
608_tugs

Description:
File Work

Version:
14.4.4.18

MD5:
44a0700b47fd68b581d6ad585b312dec

SHA-1:
c2a9e3c1153c1e248164a257cbd2dacb9211a0cc

SHA-256:
e0dbfc70801b3e093c6060e50786b7a684759959829359d3c68294841a6028f4

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:13:18 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.ELEX | 7.1.1
AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.06.30
Avira AntiVirus | TR/Dldr.JQVM | 7.11.163.248
AVG | Downloader.Generic13 | 2015.0.3396
Baidu Antivirus | Adware.Win32.Elex | 4.0.3.1473
Dr.Web | Adware.Mutabaha.56 | 9.0.1.0213
ESET NOD32 | Win32/ELEX.AQ (variant) | 8.10154
Fortinet FortiGate | Adware/ELEX | 8/1/2014
K7 AntiVirus | Riskware | 13.181.12846
Kaspersky | not-a-virus:AdWare.Win32.ELEX | 14.0.0.3475
Malwarebytes | PUP.Optional.SearchHijacker.A | v2014.08.01.12
McAfee | Artemis!FEC3A8922794 | 5600.7052
NANO AntiVirus | Riskware.Win32.ELEX.dcibld | 0.28.2.60990
Qihoo 360 Security | Win32/Trojan.a67 | 1.0.0.1015
Reason Heuristics | PUP.HefeiZhimingxingtongSoftwareTechnologyCo.O | 14.7.10.1
Rising Antivirus | PE:Worm.Rebhip!1.64F0 | 23.00.65.14701
Sophos | Generic PUA NO | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Rebnip | 10449
Trend Micro House Call | Suspicious_GEN.F47V0717 | 7.2.213
Vba32 AntiVirus | AdWare.ELEX | 3.12.26.3

File size:
622.2 KB (637,112 bytes)

Product version:
14.4.4.18

Copyright:
Copyright (C) 2014

Original file name:
FileWork.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lly_omiga-plus.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/29/2013 9:07:05 AM

Valid to:
10/30/2014 9:07:05 AM

Subject:
CN="Hefei Zhimingxingtong Software&Technology Co., Ltd.", O="Hefei Zhimingxingtong Software&Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219E374B1001FFC6B983B5DE082D65401A

File PE Metadata
Compilation timestamp:
6/27/2014 2:29:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:UqxrcG9PMGOqVyHjCb6xByDdcl3A/IdppSdBK6HuIRAr0DpKt14I0Cxs:Uqx990GOqVnIGzK6HueJwtMCi

Entry address:
0x4E2AF

Entry point:
E8, 21, EF, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 80, A3, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, 35, A3, FF, FF, 59, 33, C0, EB, 4D, 53, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, C0, 38, 48, 00, FF, 15, 60, A2, 46, 00, 8B, D8, 85, DB, 75, 5E, 39, 05, C4, 38, 48, 00, 74, 40, 56, E8, A8, 40, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, 98, 40, 00, 00, 59, E8, 5B, B1, FF, FF, C7, 00, 0C, 00, 00, 00, 33, C0, 5B...

Entropy:
6.1323

Code size:
417 KB (427,008 bytes)

The file lly_omiga-plus.exe has been seen being distributed from the following URL: www.girlzhangtianjiao.com

Powered by Reason Core Security