MaohaWifiSvr.exe

猫哈免费WiFi支持服务

深圳市猫哈网络科技发展有限公司

The application MaohaWifiSvr.exe by 深圳市猫哈网络科技发展有限公司 has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program MaohaWiFi by Maoha.
Publisher:

Product:
猫哈免费WiFi支持服务

Version:
1, 0, 1, 10

MD5:
993921373facaef60cb9f9e84aab8301

SHA-1:
561b05aa5581646c5c4726b5557d867fbdd1a3a9

SHA-256:
dafcf597b2f851ca737de52fd4a73d10a08b2323dcec72e0b0bcc4459bf9cde1

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:51:06 AM UTC  (today)

Scan engine
Detection
Engine version

Kaspersky
Trojan.Win32.Vilsel
15.0.2.529

Reason Heuristics
PUP.Maohawifi (M)
16.12.7.17

File size:
165 KB (168,992 bytes)

Product version:
1, 0, 1, 10

Copyright:
Copyright (C) 2014 深圳市猫哈网络科技发展有限公司。保留所有权利。

Original file name:
MaohaWifiSvr.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\maoha\maohaap\maohawifisvr.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
8/3/2015 2:00:00 AM

Valid to:
8/3/2017 1:59:59 AM

Subject:
CN=深圳市猫哈网络科技发展有限公司, OU=IT Dept, O=深圳市猫哈网络科技发展有限公司, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
589DAFF5A2E11006D30F250FCEB95B37

File PE Metadata
Compilation timestamp:
11/26/2016 6:49:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:LHzgaxSS7G1N8sOqCGCseZiLkAn8Jo/FFiVP/1+0OPVBxH+75/7W0T:LTgqQNbC3iLdnTFFfVS1

Entry address:
0x11DE6

Entry point:
E8, F0, 5F, 00, 00, E9, 79, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...
 
[+]

Code size:
111.5 KB (114,176 bytes)

The file MaohaWifiSvr.exe has been discovered within the following program.

MaohaWiFi  by Maoha
About 2% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-43-133-163.deploy.static.akamaitechnologies.com  (23.43.133.163:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-50-149-163.deploy.static.akamaitechnologies.com  (23.50.149.163:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-46-101-163.deploy.static.akamaitechnologies.com  (23.46.101.163:80)

TCP (HTTP):
Connects to etg-01-027.etg.ras.cantv.net  (200.44.26.27:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.114.211:80)

TCP (HTTP):
Connects to host-213.158.175.88.tedata.net  (213.158.175.88:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-55-149-163.deploy.static.akamaitechnologies.com  (23.55.149.163:80)

TCP (HTTP):
Connects to a23-15-149-163.deploy.static.akamaitechnologies.com  (23.15.149.163:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-50-197-163.deploy.static.akamaitechnologies.com  (23.50.197.163:80)

Remove MaohaWifiSvr.exe - Powered by Reason Core Security