q5cq4mytcdit86t.exe

3963_icp_istartsurf

Taiming Li

The application q5cq4mytcdit86t.exe by Taiming Li has been detected as adware by 15 anti-malware scanners. It is a setup program used to install the application and is typically executed from the user's temporary directory. The file has been seen being downloaded from 41.223.201.246 and multiple other hosts.
Publisher:
Synergy (32-bit)  (signed by Taiming Li)

Product:
3963_icp_istartsurf

Description:
Synergy (32-bit)

Version:
6.3.7700.1011

MD5:
5538170b1df8f87b87bd8188a1773681

SHA-1:
6d8432b70d3b8e0c68105763dea8fb71d5535015

SHA-256:
47b98cd63624a2648349ed9af01bf7fb5929057f8276c831886dc444a317c74c

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
12/24/2024 6:36:58 PM UTC

Scan engine            Detection                                         Engine version
Lavasoft Ad-Aware      Gen:Application.Elex.1                            562
Arcabit                Application.Elex.1                                1.0.0.425
Bitdefender            Gen:Application.Elex.1                            1.0.20.1015
Bkav FE                W32.HfsAdware                                     1.3.0.6379
Dr.Web                 Adware.Mutabaha.412                               9.0.1.0234
ESET NOD32             Win32/ELEX.EC potentially unwanted (variant)      9.11813
F-Secure               Gen:Application.Elex.1                            11.2015-22-07_4
G Data                 Gen:Application.Elex                              15.7.25
herdProtect (fuzzy)                                                      2015.8.22.21
K7 AntiVirus           Adware                                            13.205.16305
Malwarebytes           PUP.Optional.IStartSurf.A                         v2015.07.22.01
MicroWorld eScan       Gen:Application.Elex.1                            16.0.0.609
Panda Antivirus        Trj/Genetic.gen                                   15.07.22.01
Reason Heuristics      PUP.Ma Lin.TaimingLi (M)                          15.7.22.13
SUPERAntiSpyware       PUP.MyStartSearch/Variant                         9738

File size:
405 KB (414,688 bytes)

Product version:
6.3.7700.1011

Copyright:
Synergy (32-bit) 2015

Original file name:
Synergy.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\q5cq4mytcdit86t.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/8/2014 6:00:00 AM

Valid to:
12/16/2015 6:00:00 PM

Subject:
CN=Taiming Li, O=Taiming Li, L=Shennongjia, S=Hubei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02BD768E4FBA54F7F5E7E9498BFB170E

File PE Metadata
Compilation timestamp:
6/10/2015 2:25:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:76xoSLel0vhUG3+80LQ5OGcAejXQSVGb9h9hnYXxfLx:76uY40vhd+HLgtnYXx1

Entry address:
0x38610

Entry point:
E8, EC, D4, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 9C, 4D, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, 08, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 9C, 4D, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00...

Code size:
323 KB (330,752 bytes)

The file q5cq4mytcdit86t.exe has been seen being distributed by the following 2 URLs.

http://41.223.201.246/.../icp_istartsurf.exe
