home

osnlfuzu.exe

downer for windows

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

The file osnlfuzu.exe by Riyue Tongxing Information Technology (Beijing) Co.,Ltd has been detected as a potentially unwanted program by 21 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from c3.9377wan.cn and multiple other hosts.
Publisher:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.  (signed and verified)

Product:
downer for windows

Version:
1.3.1.14

MD5:
d41981ea2fc45e6c11a6e1fed330856b

SHA-1:
6f12ff8fb7bf698f6f5f42d501d4deefc80e4ed7

SHA-256:
453f7270560ad0fadbd4be87715a54068ffcd939f51fec65d0fa67798a8e32e6

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 12:36:32 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.60792
135

Arcabit
Trojan.Symmi.DED78
1.0.0.774

AVG
Downloader.Generic14
2017.0.2613

Bitdefender
Gen:Variant.Symmi.60792
1.0.20.1330

Emsisoft Anti-Malware
Gen:Variant.Symmi.60792
8.16.09.22.11

ESET NOD32
Win32/Gaofenquming.B potentially unwanted (variant)
10.14161

F-Secure
Gen:Variant.Symmi.60792
11.2016-22-09_5

G Data
Gen:Variant.Symmi.60792
16.9.25

IKARUS anti.virus
PUA.Gaofenquming
t3scan.2.1.6.0

K7 AntiVirus
Adware
13.2320954

Kaspersky
not-a-virus:Downloader.Win32.Donex
14.0.0.-442

McAfee
Generic Downloader.c
5600.6269

Microsoft Security Essentials
SoftwareBundler:Win32/Qiwmonk
1.1.13000.0

MicroWorld eScan
Gen:Variant.Symmi.60792
17.0.0.798

NANO AntiVirus
Riskware.Win32.Downware.efutct
1.0.38.11617

Quick Heal
Downloader.Donex.C10
9.16.14.00

Rising Antivirus
Malware.Generic!fOQQk4IwuzE@4 (thunder)
23.00.65.16920

Sophos
Downloader (PUA)
4.98

SUPERAntiSpyware
PUP.Downloader/Variant
8882

Vba32 AntiVirus
Downloader.Donex
3.12.26.4

Zillya! Antivirus
Downloader.Donex.Win32.3
2.0.0.3064

File size:
1003.2 KB (1,027,248 bytes)

Product version:
1.3.1.14

Copyright:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Original file name:
downer

Common path:
C:\users\{user}\appdata\local\temp\osnlfuzu.exe.part

Digital Signature
Signed by:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Authority:
WoSign CA Limited

Valid from:
11/2/2015 4:43:59 PM

Valid to:
11/2/2016 4:43:59 PM

Subject:
CN="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", O="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", STREET="B801A,8F,Block B,S&T Fortune Center,No.8,Xueqing Road,Haidian District", PostalCode=100083, L=Beijing, S=Beijing, C=CN, SERIALNUMBER=110108011321704, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Beijing, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN

Issuer:
CN=WoSign EV Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
52DC4C31F7609AF339EF3228BD510B83

File PE Metadata
Compilation timestamp:
5/16/2016 2:28:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:vPKJecZwWJUySDUEAA7AFfl6XPxq2PDud:X7SitIBA7AmXJq27ud

Entry address:
0x258CF0

Entry point:
60, BE, 00, 80, 56, 00, 8D, BE, 00, 90, E9, FF, C7, 87, F8, 29, 18, 00, 43, 2B, 2C, 76, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Entropy:
7.8675

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
964 KB (987,136 bytes)

The file osnlfuzu.exe has been seen being distributed by the following 2 URLs.

http://c3.9377wan.cn/.../Corel Painter 11(????????)_18@182965.exe

http://c1.9377wan.cn/.../KMPlayer_1@38003.exe

Remove osnlfuzu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.