may6_3650_cor_sweet-page.exe

3650_cor_sweet-page

Li Mo

The application may6_3650_cor_sweet-page.exe by Li Mo has been detected as adware by 19 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
Spy union (signed by Li Mo)

Product:
3650_cor_sweet-page

Description:
Spy union

Version:
6.4.7603.1014

MD5:
33ae51ccce74a8c77e66fa3dd3e2b141

SHA-1:
d519044fa03c790924b0328dfbd6623955881c48

SHA-256:
7b84f6a9aa47f1ba077856dbd1e758d8475c13dc8695501c42cebf576cf819cc

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 11:40:50 AM UTC

Scan engine           | Detection                                   | Engine version
----------------------|---------------------------------------------|-----------------
Lavasoft Ad-Aware     | Gen:Application.Elex.1                      | 637
AhnLab V3 Security    | PUP/Win32.OutBrowse                         | 2015.05.12
avast!                | Win32:Malware-gen                           | 150414-0
Baidu Antivirus       | PUA.Win32.LiMo                              | 4.0.3.1558
Bitdefender           | Gen:Application.Elex.1                      | 1.0.20.640
Bkav FE               | W32.HfsAdware                               | 1.3.0.6379
Emsisoft Anti-Malware | Gen:Application.Elex                        | 9.0.0.4799
ESET NOD32            | Win32/LiMo.C potentially unwanted (variant) | 9.11596
Fortinet FortiGate    | Riskware/LiMo                               | 5/8/2015
F-Secure              | Gen:Application.Elex.1                      | 11.2015-08-05_6
G Data                | Gen:Application.Elex                        | 15.5.25
K7 AntiVirus          | Adware                                      | 13.203.15869
Malwarebytes          | PUP.Optional.MyStartSearch.A                | v2015.06.15.05
MicroWorld eScan      | Gen:Application.Elex.1                      | 16.0.0.384
Panda Antivirus       | PUP/YAC                                     | 15.05.08.01
Reason Heuristics     | Threat.Liyan Liu.LiMo                       | 15.5.8.9
Vba32 AntiVirus       | suspected of Trojan.Downloader.gen.h        | 3.12.26.3
VIPRE Antivirus       | Trojan.Win32.Generic                        | 40160

File size:
307.4 KB (314,744 bytes)

Product version:
6.4.7603.1014

Copyright:
Spy union

Original file name:
ComEntCount.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3a2b9561_stp\may6_3650_cor_sweet-page.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/4/2014 3:00:00 AM

Valid to:
8/12/2015 3:00:00 PM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0BF14271D8A8ADE8A541CE8C8E1D75A1

File PE Metadata
Compilation timestamp:
5/5/2015 12:46:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:0VOjzEv21NJDAMbuldy6SHUt7nt6Mp6IRq7S7TAHMTOsU+FjC3LIOu9xposrqaWc:0VCzEv2N0iGY6VyML428MTOsULzmqY

Entry address:
0x17306

Entry point:
E8, 70, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 2D, 44, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, D8, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 2D, 44, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...

Code size:
189.5 KB (194,048 bytes)

Remove may6_3650_cor_sweet-page.exe - Powered by Reason Core Security