llys_istartsurf.exe

4845_tugss_istartsurf

Minidigital Technology Co., Limited

The application llys_istartsurf.exe by Minidigital Technology Co., Limited has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Minidigital Technology Co., Limited  (signed and verified)

Product:
4845_tugss_istartsurf

Description:
Installer Module

Version:
1, 0, 0, 1

MD5:
a34d1cce8ae56ddafd99cbe122e6e22d

SHA-1:
948bfe0651283b420406dbb3b436bbc0d3600d33

SHA-256:
5e92ffc1f42adab2c6f9ce3b3295e8ddd11ea30c03794f017a0b26b696fdf429

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/24/2024 7:49:52 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Adware-gen [Adw]
2014.9-151004

Dr.Web
Adware.Mutabaha.704
9.0.1.0277

ESET NOD32
Win32/ELEX.FK potentially unwanted (variant)
9.12352

Fortinet FortiGate
Riskware/Elex
10/4/2015

F-Prot
W32/Thecid.B@mm
v6.4.6.5.141

K7 AntiVirus
Riskware
13.210.17418

Malwarebytes
PUP.Optional.IStartSurf.ShrtCln
v2015.10.04.11

Reason Heuristics
PUP.ELEX.MinidigitalTechnologyCo.Installer (M)
15.10.4.11

VIPRE Antivirus
Minidigital Technologies
44274

File size:
536.2 KB (549,040 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\llys_istartsurf.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/29/2015 7:15:51 AM

Valid to:
6/21/2016 11:55:40 AM

Subject:
CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214CE115AF28506C44B4B11D01099FEBCE

File PE Metadata
Compilation timestamp:
9/11/2015 11:27:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:WTwsAln1giCPA6W8XHFlrZtTVq2QBOiVuAC91hrrrrV6:iDbPW+pZtYlBOigAC9176

Entry address:
0x2E557

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 
[+]

Code size:
344 KB (352,256 bytes)

The file llys_istartsurf.exe has been seen being distributed by the following URL.

Remove llys_istartsurf.exe - Powered by Reason Core Security