of_mx-i3-istartsurf_chk_0_305.exe

3157_profr_istartsurf

Xiaoqing Liu

The application of_mx-i3-istartsurf_chk_0_305.exe by Xiaoqing Liu has been detected as adware by 13 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
ylsn  (signed by Xiaoqing Liu)

Product:
3157_profr_istartsurf

Description:
ylsn

Version:
6,3,7601,1997

MD5:
fa62b3336ca66e5cb83345f3740794cb

SHA-1:
171fff23cb6f098a68c5ec1c0ea559d3f05d0395

SHA-256:
88ca6a2042d2caa1c20d29e64095c066461731615c9820406e4dbb3bd337d132

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 6:00:05 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150509 |
| AVG | Potentially harmful program Downloader | 2016.0.3114 |
| Baidu Antivirus | PUA.Win32.ELEX | 4.0.3.1559 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Mutabaha.228, Adware.Mutabaha.193 | 9.0.1.0129 |
| ESET NOD32 | Win32/ELEX.CE potentially unwanted application | 9.7.0.302.0 |
| herdProtect (fuzzy) | | 2015.8.7.7 |
| K7 AntiVirus | Trojan | 13.203.15859 |
| Malwarebytes | PUP.Optional.IStartSurf.A | v2015.05.09.05 |
| NANO AntiVirus | Riskware.Win32.Mutabaha.dppbbu | 0.30.24.1357 |
| Reason Heuristics | Threat.Li Mo.XiaoqingLiu | 15.5.9.13 |
| Sophos | PUA 'Elex' (of type Adware) | 5.14 |

File size:
477.4 KB (488,904 bytes)

Product version:
6,3,7601,1997

Copyright:
bsw

Original file name:
bsw

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\of_mx-i3-istartsurf_chk_0_305.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/12/2014 9:00:00 PM

Valid to:
8/17/2015 9:00:00 AM

Subject:
CN=Xiaoqing Liu, O=Xiaoqing Liu, L=Zaozhuang, S=Shandong, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0EBAB4AC38B70A33EE517D238BDE49D7

File PE Metadata
Compilation timestamp:
3/10/2015 12:01:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:jgKwApSwinX2pLaVHUS34Dxr56+ISxyGag/+n5o9PTBuZcZsUWY9:qmw0cI156+IIyvncPTwZczWY9

Entry address:
0x203AC

Entry point:
E8, A4, 6F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B4, CB, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 90, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B4, CB, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85...
 

Code size:
338.5 KB (346,624 bytes)
