qt4.6.22.17784@81_212101.exe

speed cloud download

Anhui Shuyang Science and Technology Co., Ltd.

The application qt4.6.22.17784@81_212101.exe by Anhui Shuyang Science and Technology Co. has been detected as a potentially unwanted program by 19 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from xiazai.zol.com.cn and multiple other hosts.
Publisher:
Anhui Shuyang Science and Technology Co., Ltd.

Product:
speed cloud download

Version:
1.0.0.17

MD5:
5e0009e97eaa8de020544a07bb2d4634

SHA-1:
661a3e15a8777469b9c76220692faacfbb070890

SHA-256:
21b0ffd57932093f30885c1f4022209e02fe889e488018814c0c676c7dac81d3

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:53:33 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.84 | 319 |
| AegisLab AV Signature | Gen.Variant.Application!c | 2.1.4+ |
| Agnitum Outpost | PUA.Qjwmonkey | 7.1.1 |
| Avira AntiVirus | APPL/Qjwmonkey.cfk | 8.3.3.4 |
| Arcabit | Trojan.Application.Bundler.84 | 1.0.0.662 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160321 |
| AVG | Generic7 | 2017.0.2797 |
| Bitdefender | Gen:Variant.Application.Bundler.84 | 1.0.20.405 |
| Clam AntiVirus | Win.Adware.Agent-1388374 | 0.98/21511 |
| Dr.Web | Adware.Qjwmonkey.64 | 9.0.1.081 |
| ESET NOD32 | Win32/Adware.Qjwmonkey (variant) | 10.13210 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2016-21-03_2 |
| G Data | Gen:Variant.Application.Bundler.84 | 16.3.25 |
| IKARUS anti.virus | PUA.Qjwmonkey | t3scan.2.0.9.0 |
| K7 AntiVirus | Adware | 13.218.19062 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.84 | 17.0.0.243 |
| NANO AntiVirus | Riskware.Win32.Agent.eawsph | 1.0.18.6677 |
| Panda Antivirus | Trj/Genetic.gen | 16.03.21.02 |
| Zillya! Antivirus | Adware.Qjwmonkey.Win32.120 | 2.0.0.2735 |

File size:
751.8 KB (769,880 bytes)

Product version:
1.0.0.17

Original file name:
speed cloud download

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\qt4.6.22.17784@81_212101.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/10/2015 4:22:19 PM

Valid to:
11/10/2016 4:22:19 PM

Subject:
CN="Anhui Shuyang Science and Technology Co., Ltd.", O="Anhui Shuyang Science and Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
27BA3235C93985359DD82D00A9C1D9B4

File PE Metadata
Compilation timestamp:
3/4/2016 1:57:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:USJOGZ26ou000vr2vlPgBRBq8BZhrnkNUNTJd/by:USJ5IlD2CBRBLtrnkNUpJd/by

Entry address:
0x2133B

Entry point:
E8, C9, B0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, 05, B2, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...
 

Entropy:
6.3170

Code size:
228 KB (233,472 bytes)

The file qt4.6.22.17784@81_212101.exe has been seen being distributed by the following 5 URLs.

http://xiazai.zol.com.cn/down.php?nn=59b8b32bce2969b8d&softid=262406&subcateid=325&site=10&server=10&rand=7697115

http://xiazai.zol.com.cn/down.php?nn=a00af479e7ec9b769&softid=318419&subcateid=50&site=10&server=10&rand=5042963
