setup_hh-0324.exe

上饶市风云网络科技有限公司

The application setup_hh-0324.exe, "极速压缩" (fast and intelligent compression software) by 上饶市风云网络科技有限公司, has been detected as a potentially unwanted program by 16 of 68 anti-malware scanners. The file is the setup program used to install the application. It uses the InstallCore monetization download manager to fetch additional third-party applications that the user may not want. The file has been seen being downloaded from www.xiazaiba.com.
Publisher:
极速压缩 (signed by 上饶市风云网络科技有限公司)

Product:
极速压缩

Description:
极速压缩 (fast and intelligent compression software)

Version:
2015.0805.1637.27

MD5:
d0c117079894b3cf3cc91a2983f8ca56

SHA-1:
6378d60a78b55a97cca5fbb4f81c68f98da7673f

SHA-256:
6ac234e3ab702b45e55746069df5bda27c27d0f283abb1e91eaae358fa07722d

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 11:28:03 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Agent | 7.1.1
Avira AntiVirus | ADWARE/Agent.2927264 | 8.3.1.6
avast! | Win32:Malware-gen | 2014.9-160103
Baidu Antivirus | Adware.Win32.Agent | 4.0.3.1613
Bkav FE | W32.HfsAdware | 1.3.0.7062
Comodo Security | UnclassifiedMalware | 23000
Dr.Web | Adware.WDJiange.1 | 9.0.1.03
Fortinet FortiGate | Adware/Agent | 1/3/2016
G Data | Win32.Application.Agent.P6KQ1B | 16.1.25
K7 AntiVirus | Riskware | 13.208.16879
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.873
Malwarebytes | PUP.Optional.Chinad.C | v2016.01.03.08
McAfee | Artemis!D0C117079894 | 5600.6532
Panda Antivirus | Trj/CI.A | 16.01.03.08
Sophos | Install Core Click run software (PUA) | 4.98
VIPRE Antivirus | Adware.Agent | 42848

Most of these names are generic adware/PUA classifications rather than family attributions: Avira's ADWARE/Agent.2927264 is keyed on the file size (2,927,264 bytes) and McAfee's Artemis!D0C117079894 is the MD5 prefix from its cloud lookup. Only Sophos names the bundling component (InstallCore) referred to in the summary above.

File size:
2.8 MB (2,927,264 bytes)

Product version:
1.0

Copyright:
Copyright © 2012-2015 极速压缩, Inc.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup_hh-0324.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/12/2014 5:56:46 PM

Valid to:
11/12/2015 5:56:46 PM (the certificate had expired by the analysis date; a valid signature only identifies the signer and says nothing about whether the installer's behaviour is wanted)

Subject:
CN=上饶市风云网络科技有限公司, O=上饶市风云网络科技有限公司, L=上饶市, S=江西省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
13897CA2D1B4DC3033DD34FF5BC6E9E2

File PE Metadata
Compilation timestamp:
7/9/2014 3:58:13 PM

OS version:
5.0 (minimum required OS recorded in the PE optional header, i.e. Windows 2000)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:gOr36z/3R2+uVHQUA5Ky4sgSw10UEDLn3YW/uYBZrXD5kKKOlZ1k:7rcw+qHAUcgSFf33/uYBZTlPPW

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Entropy:
7.8851 (close to the 8.0 maximum; consistent with a compressed or encrypted embedded payload, as expected for a self-extracting installer)

Developed / compiled with:
Microsoft Visual C++ (scanner heuristic; the linker version 2.25 and the entry-point prologue above are characteristic of Borland/Delphi-built binaries, which InstallCore wrappers typically are, so this identification is doubtful)

Code size:
63.5 KB (65,024 bytes)
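The fields in this report (digests, entropy, compile timestamp, linker version, entry point, subsystem, OS version, code size) can be reproduced for any downloaded file with the stdlib alone. The following script is an added example for this page, not code from Reason Core Security or the installer's publisher. It embeds a constructed minimal PE32 image so it runs offline; the published hashes are copied from the report and, by design, will not match the constructed bytes. Pass a real file path to check it instead.

```python
"""Reproduce the file-identification fields of a PUP report: hashes, Shannon
entropy and the PE header values listed above. Added example, not the page's code."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Digests published in the report for setup_hh-0324.exe (copied from the page).
PUBLISHED = {
    "md5": "d0c117079894b3cf3cc91a2983f8ca56",
    "sha1": "6378d60a78b55a97cca5fbb4f81c68f98da7673f",
    "sha256": "6ac234e3ab702b45e55746069df5bda27c27d0f283abb1e91eaae358fa07722d",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_published(data: bytes, published: dict) -> bool:
    """True only if every published digest matches; a partial match is itself a red flag."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in published.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0. Values near 8 indicate compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields the report lists (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{lnk_major}.{lnk_minor}",   # 2.25 is the Borland/Delphi linker
        "code_size": code_size,
        "entry_rva": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def report(data: bytes, published: dict = PUBLISHED) -> dict:
    info = {"size": len(data), "entropy": round(shannon_entropy(data), 4),
            "matches_published": matches_published(data, published)}
    info.update(file_hashes(data))
    info.update(parse_pe_header(data))
    return info


def build_sample_pe(timestamp: int, linker=(2, 25), entry_rva=0x113BC,
                    code_size=65024, os_version=(5, 0), subsystem=2) -> bytes:
    """Constructed, headers-only PE32 image (no sections) for offline testing.
    Field values mirror the report so the parser's output can be compared to it."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)  # i386, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, linker[0], linker[1], code_size)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<HH", opt, 40, os_version[0], os_version[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed sample: the report's compile timestamp, 7/9/2014 3:58:13 PM UTC.
SAMPLE_TIMESTAMP = int(datetime(2014, 7, 9, 15, 58, 13, tzinfo=timezone.utc).timestamp())
SAMPLE = build_sample_pe(SAMPLE_TIMESTAMP)

if __name__ == "__main__":
    import json, sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(report(data), indent=2))
```

Run it as `python pe_report.py setup_hh-0324.exe` against a quarantined copy: a `matches_published` of false means the download is not the file this report describes, and the PE fields let you check the linker and timestamp claims directly rather than trusting the scanner's compiler heuristic.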

The file setup_hh-0324.exe has been seen being distributed from www.xiazaiba.com, the download site noted in the summary above.

Remove setup_hh-0324.exe - Powered by Reason Core Security