romasterlabsetup_3_1_4.exe

刷机大师

深圳市信一网络有限公司

The application romasterlabsetup_3_1_4.exe, “刷机大师 Setup” by 深圳市信一网络有限公司, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been observed being downloaded from s.wodemo.com and multiple other hosts.
Publisher:
深圳市信一网络有限公司   (signed by 深圳市信一网络有限公司)

Product:
刷机大师

Description:
刷机大师 Setup

Version:
3.1.4.2164

MD5:
b3b2dc39e50796172789818f8b8d3b1d

SHA-1:
a3c39ccb3abd194739e05a85e62c23639c769b89

SHA-256:
421a3a11ed6ae1837e9bb3c7eec4cb01c1873334271fa824c56b09809493f987

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:27:12 PM UTC

Scan engine | Detection | Engine version
avast! | Multi:Lotoor-B [PUP] | 2014.9-141028
ESET NOD32 | Android/Spy.Agent.BN (variant) | 8.10449
IKARUS anti.virus | Trojan.AndroidOS.Agent | t3scan.1.7.8.0
K7 AntiVirus | Spyware | 13.183.13451

File size:
10.9 MB (11,407,864 bytes)

Product version:
3.1.4.2164

Copyright:
Copyright © 2013 Xinyi All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\romasterlabsetup_3_1_4.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
10/16/2012 4:34:58 AM

Valid to:
10/17/2013 10:30:38 AM

Subject:
E=service@mgyun.com, CN=深圳市信一网络有限公司, O=深圳市信一网络有限公司, L=深圳市, S=广东省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
04B2B5F9C9358F

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:5N0R34soQNvjI7LMDTGjmJ/7Ui1zw9Qxox9oDVjsdDiOs/svQZi0NSjggR9nLX/V:M4Zcvj4MzN7I9Qxox+GiO6smObtIAoG

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file romasterlabsetup_3_1_4.exe has been seen being distributed by the following 6 URLs.

http://s.wodemo.com/puzzle

http://download1280.mediafire.com/41u8mtsmvnwg/.../RomasterLabSetup_3_1_4(2164).exe

http://dc473.4shared.com/download/.../RomasterLabSetup_3_1_4_2164_.exe
