home

lly_omiga-plus.exe

2592_tugs_omiga-plus

Shulan Hou

The application lly_omiga-plus.exe by Shulan Hou has been detected as adware by 4 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.girlliuxiaowei.com and multiple other hosts.
Publisher:
TabMain  (signed by Shulan Hou)

Product:
2592_tugs_omiga-plus

Description:
TabMain

Version:
6.3.76.1518

MD5:
ff939b6929a6472f97d47d2dab4a24e2

SHA-1:
ea050736d496dac5cd1bd87ed42f596d4a41654b

SHA-256:
da22bbfe5a23a634d9e0ab6d20ebb4ba35cfd6a5536dbb33cc49ee0d44842ea1

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/6/2024 2:44:38 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Mutabaha.122
9.0.1.083

ESET NOD32
Win32/ELEX.CF potentially unwanted application
9.7.0.302.0

K7 AntiVirus
Unwanted-Program
13.202.15335

Reason Heuristics
PUP.Ma Lin.ShulanHou
15.1.27.8

File size:
314.1 KB (321,632 bytes)

Product version:
6.3.76.1518

Copyright:
Copyright (C) 2014

Original file name:
TMain.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lly_omiga-plus.exe

Digital Signature
Signed by:
Shulan Hou

Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0FB6FD4A80D186219716435AB3762FB2

File PE Metadata
Compilation timestamp:
1/13/2015 7:10:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:I7Bnvx3mTCG0EnQY7Td8b5rWFX+HDBUeZjpRA:I79xMCfEQ6dw5re+HDGe1A

Entry address:
0x1A58B

Entry point:
E8, 62, C2, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 
[+]

Code size:
195 KB (199,680 bytes)

The file lly_omiga-plus.exe has been seen being distributed by the following 2 URLs.

http://www.girlliuxiaowei.com/.../lly_omiga-plus.exe

http://www.girlzhangwei.com/.../lly_omiga-plus.exe

Remove lly_omiga-plus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.