minidwep@57_64759.exe

Downloader

Li Xin

The application minidwep@57_64759.exe by Li Xin has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from down.xiazai2.net.
Publisher:
Li Xin  (signed and verified)

Product:
Downloader

Version:
6.0.0.1

MD5:
0a9e7e5bc35fa10ace323411f601ccba

SHA-1:
b51fb9fe3da068910aaa5e37e853df819dd91dd2

SHA-256:
d64dcff1ee6b982ebf46676ea88117931b8a055401cbdff95c1fd7e841bf0bfa

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:41:45 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Helper
2015.10.23

AVG
Generic
2016.0.2947

Baidu Antivirus
PUA.Win32.Softcnapp
4.0.3.151023

Bkav FE
W32.HfsAdware
1.3.0.7383

Clam AntiVirus
Win.Trojan.Generickd-1403
0.98/21511

Dr.Web
Trojan.Siggen6.36073
9.0.1.0296

ESET NOD32
Win32/Softcnapp.H potentially unwanted (variant)
9.12454

Fortinet FortiGate
W32/Generic.AC.2003
10/23/2015

K7 AntiVirus
Unwanted-Program
13.211.17627

Malwarebytes
PUP.Optional.Softcnapp
v2015.10.23.09

McAfee
Artemis!0A9E7E5BC35F
5600.6603

NANO AntiVirus
Trojan.Win32.Winlock.dqvnat
0.30.26.3947

Panda Antivirus
Trj/Genetic.gen
15.10.23.09

Sophos
Mal/Agent-ARF
4.98

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
44760

Zillya! Antivirus
Adware.Agent.Win32.79353
2.0.0.2468

File size:
256.2 KB (262,328 bytes)

Product version:
6.0.0.1

Original file name:
Downloader

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
3/13/2015 9:55:41 AM

Valid to:
3/13/2016 10:55:41 AM

Subject:
CN=Li Xin, L=Yingshan, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4EC8808F9295E7018CE5A64639E18B6B

File PE Metadata
Compilation timestamp:
9/4/2014 1:19:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:II2PdXOXB/oE0vsiBN8wVUMMOu9/XrrMh7yOe1pIZH0Y+:FGdX6/xyOwViOu9/X/M4Z3I1+

Entry address:
0x3384

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, A8, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 2C, 43, 00, E8, FE, 24, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 2B, 43, 00, 8D, 44, 24, 38, 50, 53, 68, 3B, 74, 40, 00, FF, 15, 58, 71, 40, 00, 68, 30, 74, 40, 00, 68, C0, 0B, 43, 00, E8, F0, 23, 00, 00, FF, 15, B0, 70, 40, 00, 50, BF, 00, 70, 44, 00, 57, E8, DE, 23, 00, 00...
 
[+]

Entropy:
7.7334

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file minidwep@57_64759.exe has been seen being distributed by the following URL.

Remove minidwep@57_64759.exe - Powered by Reason Core Security