lly_webssearches.exe

The application lly_webssearches.exe by Hefei Zhimingxingtong Software&Technology Co. has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.girlmoli.com and multiple other hosts.

Publisher:
Hefei Zhimingxingtong Software&Technology Co., Ltd.

Product:
585_tugs

Description:
File Work

Version:
14.4.4.18

MD5:
cf39ac8e932d3519e6e10897bce8c8a6

SHA-1:
caa6b3eda8c56082a00548256d58aca1e5754302

SHA-256:
216b9f6c1cab0c3b62c9ccb7adae3b0c86d6eadaf92f4a3918e5b1a0a14a6107

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 5:25:58 AM UTC

Scan engine            | Detection                                      | Engine version
Agnitum Outpost        | PUA.ELEX                                       | 7.1.1
AhnLab V3 Security     | PUP/Win32.Amonetiz                             | 2014.06.29
Avira AntiVirus        | TR/Dldr.JQVM                                   | 7.11.163.248
AVG                    | Downloader.Generic13                           | 2015.0.3396
Baidu Antivirus        | Adware.Win32.Elex                              | 4.0.3.14628
Dr.Web                 | Adware.Mutabaha.56                             | 9.0.1.0213
ESET NOD32             | Win32/ELEX.AQ (variant)                        | 8.10154
Fortinet FortiGate     | Adware/ELEX                                    | 8/1/2014
K7 AntiVirus           | Riskware                                       | 13.181.12846
Kaspersky              | not-a-virus:AdWare.Win32.ELEX                  | 14.0.0.3475
Malwarebytes           | PUP.Optional.SearchHijacker.A                  | v2014.08.01.12
McAfee                 | Artemis!FEC3A8922794                           | 5600.7052
NANO AntiVirus         | Riskware.Win32.ELEX.dcibld                     | 0.28.2.60990
Qihoo 360 Security     | Win32/Trojan.a67                               | 1.0.0.1015
Reason Heuristics      | PUP.HefeiZhimingxingtongSoftwareTechnologyCo.Q | 14.7.10.1
Rising Antivirus       | PE:Worm.Rebhip!1.64F0                          | 23.00.65.14626
Sophos                 | Generic PUA NO                                 | 4.98
SUPERAntiSpyware       | Trojan.Agent/Gen-Rebnip                        | 10449
Trend Micro House Call | Suspicious_GEN.F47V0717                        | 7.2.213
Vba32 AntiVirus        | AdWare.ELEX                                    | 3.12.26.3

File size:
622.2 KB (637,112 bytes)

Product version:
14.4.4.18

Copyright:
Copyright (C) 2014

Original file name:
FileWork.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\lly_webssearches.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/29/2013 10:07:05 AM

Valid to:
10/30/2014 10:07:05 AM

Subject:
CN="Hefei Zhimingxingtong Software&Technology Co., Ltd.", O="Hefei Zhimingxingtong Software&Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219E374B1001FFC6B983B5DE082D65401A

File PE Metadata
Compilation timestamp:
6/27/2014 3:29:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:TqxrcG9PMGOqVyHjCb6xByDdcl3A/IdppSdBK6HuIRAr0DpKt14I0Oxf:Tqx990GOqVnIGzK6HueJwtMOp

Entry address:
0x4E2AF

Entry point:
E8, 21, EF, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 80, A3, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, 35, A3, FF, FF, 59, 33, C0, EB, 4D, 53, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, C0, 38, 48, 00, FF, 15, 60, A2, 46, 00, 8B, D8, 85, DB, 75, 5E, 39, 05, C4, 38, 48, 00, 74, 40, 56, E8, A8, 40, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, 98, 40, 00, 00, 59, E8, 5B, B1, FF, FF, C7, 00, 0C, 00, 00, 00, 33, C0, 5B...

Code size:
417 KB (427,008 bytes)

The file lly_webssearches.exe has been seen being distributed by the following 2 URLs.

Remove lly_webssearches.exe - Powered by Reason Core Security