rc4h14pqih.exe

5113_exp1_oursurfing

Skytouch Technology Co., Limited

The application rc4h14pqih.exe by Skytouch Technology Co., Limited has been detected as adware by 15 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
7th  (signed by Skytouch Technology Co., Limited)

Product:
5113_exp1_oursurfing

Description:
7th

Version:
7,0,0,2810

MD5:
6e0ca8334eb09394d96d90942a43462c

SHA-1:
8b7a3fb0c9e7da562b432a3ee16b66499e4ed0e5

SHA-256:
5784f9613473dc73860713a57e2ba54cd0cb6cf0792e83946da599ad9e5dd8b8

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
12/25/2024 2:19:51 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/ELEX.361648.2
8.3.2.4

Baidu Antivirus
Adware.Win32.Elex
4.0.3.151125

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Adware.Mutabaha.853
9.0.1.0329

ESET NOD32
Win32/ELEX.FG potentially unwanted (variant)
9.12621

G Data
Win32.Application.SubTab
15.11.25

IKARUS anti.virus
AdWare.Elex
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.17963

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.1066

Malwarebytes
PUP.Optional.OurSeaching
v2015.11.25.05

Qihoo 360 Security
QVM10.1.Malware.Gen
1.0.0.1077

Reason Heuristics
PUP.ELEX.SkytouchTechnologyCo (M)
15.11.25.17

SUPERAntiSpyware
PUP.MyStartSearch/Variant
9486

VIPRE Antivirus
SkyTouch
45416

Zillya! Antivirus
Adware.ELEX.Win32.3
2.0.0.2527

File size:
353.2 KB (361,648 bytes)

Product version:
7,0,0,2810

Copyright:
7th

Original file name:
7th

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\rc4h14pqih.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/25/2015 10:23:30 AM

Valid to:
7/19/2016 12:55:33 PM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D99EB534095C60E2A76088C0C6927518

File PE Metadata
Compilation timestamp:
9/12/2015 7:40:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:kfByutMgKwfe8nDY94mqqOyp2vTe6WVhLqnMALt4Nr0usU+5NeEdf6UerNzTxP+q:kgutMgh8y7nTeHoMg4dbsU4GAq

Entry address:
0x18724

Entry point:
E8, 5E, CF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 27, 45, 00, E8, 56, 67, 00, 00, E8, 82, 2D, 00, 00, 0F, B7, F0, 6A, 02, E8, F1, CE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B2, 63, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
5.9029

Code size:
190.5 KB (195,072 bytes)

Remove rc4h14pqih.exe - Powered by Reason Core Security