oursurfing.exe

4780_eip_oursurfing

Thinknice Co., Limited

The application oursurfing.exe by Thinknice Co., Limited has been detected as adware by 16 anti-malware scanners.

Publisher:
Portmon/EE  (signed by Thinknice Co., Limited)

Product:
4780_eip_oursurfing

Description:
Portmon/EE

Version:
7.0.1.13

MD5:
293442fcdec81079b35a6a75853275da

SHA-1:
5c19ff93eebb5ed6aa73aa2cbe7fb2fe0cd6e112

SHA-256:
daf19f16f93d882c1f5f1a6ae2c8ae430aa82b37e255647f788cd96bb75ef02c

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/27/2024 4:31:07 AM UTC

Scan engine         Detection                                     Engine version
Lavasoft Ad-Aware   Application.Elex.M                            493
Agnitum Outpost     Riskware.Agent                                7.1.1
Arcabit             Application.Elex.M                            1.0.0.567
Bitdefender         Application.Elex.M                            1.0.20.1365
Dr.Web              Adware.Mutabaha.731                           9.0.1.0273
ESET NOD32          Win32/ELEX.EY potentially unwanted (variant)  9.12329
Fortinet FortiGate  Riskware/Elex                                 9/30/2015
F-Secure            Application.Elex.M                            11.2015-30-09_4
G Data              Application.Elex                              15.9.25
K7 AntiVirus        Adware                                        13.210.17369
Malwarebytes        PUP.Optional.OurSeaching                      v2015.09.30.08
McAfee              Artemis!293442FCDEC8                          5600.6627
MicroWorld eScan    Application.Elex.M                            16.0.0.819
Reason Heuristics   PUP.Thinknice.ThinkniceCo (M)                 15.9.30.8
Sophos              Generic PUA FM (PUA)                          4.98
VIPRE Antivirus     Trojan.Win32.Generic                          44142

File size:
310.1 KB (317,560 bytes)

Product version:
7.0.1.13

Copyright:
Portmon/EE

Original file name:
portmon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\roaming\oursurfing\oursurfing.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 2:48:26 PM

Valid to:
10/21/2015 12:56:52 PM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112170C8A859FAC5632237A13A696FA39819

File PE Metadata
Compilation timestamp:
9/9/2015 9:22:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:AkmdA5Mu/y0+DC9yHZLC3Nd+WJD19LSpUXv/x6Gaw2xTV+1WrrglVZxraAvD646j:APdsMWB+eWqNBJSS3z92xTV4VfNT6j

Entry address:
0x17AC6

Entry point:
E8, 70, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 4C, 3D, 44, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, E8, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 4C, 3D, 44, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
Entropy:
5.8676

Code size:
191.5 KB (196,096 bytes)
