pjr_webssearches.exe

2455_pjr_webssearches

Fuyuan Zhou

The application pjr_webssearches.exe by Fuyuan Zhou has been detected as adware by 5 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.girlyangshijian.com and multiple other hosts.
Publisher:
SysTools  (signed by Fuyuan Zhou)

Product:
2455_pjr_webssearches

Description:
SysTools

Version:
6.3.7601.1002

MD5:
2da9ef8ef1eaa32a033851432191dba2

SHA-1:
6127cfd43e28595233dff6fb7ada3b5e7df6da41

SHA-256:
54c03f279cc28d2ec18722ef5ea516db3040eb7fbae9acb7383dde047c976c69

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/24/2024 6:26:34 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.15218 |
| ESET NOD32 | Win32/LiMo (variant) | 9.11035 |
| G Data | Win32.Application.Limo | 15.1.24 |
| Reason Heuristics | PUP.FuyuanZhou | 15.2.14.11 |
| Sophos | Elex | 4.98 |

File size:
316.1 KB (323,680 bytes)

Product version:
6.3.7601.1002

Copyright:
SysTools

Original file name:
sTools.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pjr_webssearches.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B378A1487E66949A44C8CAE23820481

File PE Metadata
Compilation timestamp:
12/31/2014 10:09:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:sotrk0ky0geJCwQIV1NHrHdpx1EvkeUf+BdhZ5iG5xYxBjWnft:soW0ky0geci56kT91Gft

Entry address:
0x18B10

Entry point:
E8, B3, BC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 50, 03, 44, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 44, 44, 00, 00, 59, FF, 34, F5, 50, 03, 44, 00, FF, 15, EC, 10, 43, 00, 5E, 5D, C3, 56, 57, BE, 50, 03, 44, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, F4, 10, 43, 00, 53, E8, 66, C6, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, 70, 04, 44, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 

Code size:
191.5 KB (196,096 bytes)

The file pjr_webssearches.exe has been seen being distributed by the following 2 URLs.
