lly_sweet-page.exe

183_tugs

Skytouch Technology Co., Limited

The application lly_sweet-page.exe by Skytouch Technology Co., Limited has been detected as adware by 13 anti-malware scanners. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.po414.net.
Publisher:
Wish Application  (signed by Skytouch Technology Co., Limited)

Product:
183_tugs

Description:
Wish Application

Version:
5.1.0.234

MD5:
0bf8b284d3c26ff37e133d854de0ac1e

SHA-1:
8beb1399007148daccc4a6f225098434a3f5c322

SHA-256:
22abaf6e6523db0470dd7998b3d789e38334fd07d0a0a4a1cfbe40ea3aac6291

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/24/2024 5:12:26 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
Skytech
2015.0.3453

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.1464

Dr.Web
Adware.Mutabaha.50
9.0.1.0155

ESET NOD32
Win32/ELEX.AF (variant)
8.9725

Fortinet FortiGate
Riskware/Elex
7/10/2014

G Data
Win32.Application.SubTab
14.6.24

Malwarebytes
PUP.Optional.SkyTech.A
v2014.06.04.03

McAfee
Artemis!E371C455F13C
5600.7074

Reason Heuristics
PUP.SkytouchTechnologyCoLimited.O
14.6.4.15

Trend Micro House Call
TROJ_GEN.F47V0422
7.2.191

VIPRE Antivirus
Trojan.Win32.Generic
29290

File size:
582.1 KB (596,120 bytes)

Product version:
5.1.0.234

Copyright:
Wish Application Setup 1.0

Original file name:
Wish.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\lly_sweet-page.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 7:52:17 AM

Valid to:
7/9/2014 10:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
4/21/2014 5:12:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ih5T3JUal/3Vym3qlhxS8KNQa3IqAl+r3WnY:45jJUalMm3qlhxShND6nY

Entry address:
0x2AD22

Entry point:
E8, CC, C4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 5D, E9, 00, 00, 00, 00, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 75, 11, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 14, 75, 18, E8, D9, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, DA, 91, 00, 00, 83, C8, FF, E9, 93, 00, 00, 00, 8B, 7D, 0C, 56, 8B, 75, 10, 85, F6, 74, 19, 85, FF, 75, 15, E8, B2, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, B3, 91, 00, 00, 83, C8, FF, EB, 6E, B8, FF, FF...
 
[+]

Entropy:
5.2843

Code size:
297 KB (304,128 bytes)

The file lly_sweet-page.exe has been seen being distributed by the following URL.

Remove lly_sweet-page.exe - Powered by Reason Core Security