oa6j0qm2ap5iqgixdllysmiaqsoa6j0qm2ap5iqgixdllysmiaqs_a9.exe

5010_pcm1_istartsurf

Yuxin WANG

The application oa6j0qm2ap5iqgixdllysmiaqsoa6j0qm2ap5iqgixdllysmiaqs_a9.exe by Yuxin WANG has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 2ndrequest.me and multiple other hosts.
Publisher:
Portmon/EE  (signed by Yuxin WANG)

Product:
5010_pcm1_istartsurf

Description:
Portmon/EE

Version:
7.0.1.13

MD5:
70b0e8902b29f58a71512ada2ad98041

SHA-1:
040e7d7b1720eb9ae4654d8ab61dcb070efead51

SHA-256:
4a0cafdcdbcec82f6f5e24bade1ef07a7dc10bb0263b7cf65032e4f2149ec9a9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 4:55:25 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX.YuxinWANG (M)
15.11.3.22

File size:
310.2 KB (317,688 bytes)

Product version:
7.0.1.13

Copyright:
Portmon/EE

Original file name:
portmon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\oa6j0qm2ap5iqgixdllysmiaqsoa6j0qm2ap5iqgixdllysmiaqs_a9.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/27/2015 10:00:00 PM

Valid to:
8/12/2017 8:59:59 PM

Subject:
CN=Yuxin WANG, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7A286790FA04CD425C18CED8114D7057

File PE Metadata
Compilation timestamp:
9/9/2015 12:52:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:tkmdA5Mu/y0+DC9yHZLC3Nd+WJD19LSpUXv/x6Gaw2xTV+1WrrglVZxraAvDa6Sj:tPdsMWB+eWqNBJSS3z92xTV4VfNu6S

Entry address:
0x17AC6

Entry point:
E8, 70, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 4C, 3D, 44, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, E8, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 4C, 3D, 44, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Code size:
191.5 KB (196,096 bytes)

The file oa6j0qm2ap5iqgixdllysmiaqsoa6j0qm2ap5iqgixdllysmiaqs_a9.exe has been seen being distributed by the following 2 URLs.