oursurfing.exe

4915_2sq3_oursurfing

Thinknice Co., Limited

The application oursurfing.exe by Thinknice Co., Limited has been detected as adware by 13 anti-malware scanners. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine which offers to show the user (based on what is already installed and where they live). It is also typically executed from the user's temporary directory.

Publisher:
Thinknice Co., Limited  (signed and verified)

Product:
4915_2sq3_oursurfing

Description:
Installer Module

Version:
1, 0, 0, 1

MD5:
fa37b3d770612306f6c538aa20c521a6

SHA-1:
d3b5f772c13dd7d1f5b7a7ade12d9ead8da1cc3d

SHA-256:
9544a4df4f42e814d97c0376b79fc23811b58a8024a64cd67fc1d05336b16dbf

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
11/30/2024 8:52:52 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151030 |
| AVG | Elex | 2016.0.2940 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.151030 |
| Dr.Web | Adware.Mutabaha.731 | 9.0.1.0303 |
| ESET NOD32 | Win32/ELEX.FK potentially unwanted (variant) | 9.12428 |
| Fortinet FortiGate | Riskware/Elex | 10/30/2015 |
| IKARUS anti.virus | BHO.Win32.SupTab | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.211.17572 |
| Malwarebytes | PUP.Optional.OurSeaching | v2015.10.30.12 |
| McAfee | Artemis!FA37B3D77061 | 5600.6596 |
| Reason Heuristics | PUP.Thinknice.ThinkniceCo.Installer (M) | 15.10.30.12 |
| VIPRE Antivirus | Elex Installer | 44648 |
| Zillya! Antivirus | Trojan.Agent.Win32.584754 | 2.0.0.2454 |

File size:
536.1 KB (548,984 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\oursurfing.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 3:18:26 PM

Valid to:
10/21/2015 1:26:52 PM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112170C8A859FAC5632237A13A696FA39819

File PE Metadata
Compilation timestamp:
9/11/2015 3:27:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:DTwsAln1giCPA6W8XHFlrZtTVq2QBOiVuAC91hrrrrB+:fDbPW+pZtYlBOigAC91/+

Entry address:
0x2E557

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Entropy:
5.9902

Code size:
344 KB (352,256 bytes)
