setup_magic_ct.exe

3134_pjr_luckysearches

Fuyuan Zhou

The application setup_magic_ct.exe by Fuyuan Zhou has been detected as adware by 20 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
ylsn (signed by Fuyuan Zhou)

Product:
3134_pjr_luckysearches

Description:
ylsn

Version:
6,3,7601,1997

MD5:
31e0372656c5eaf842997eea94129bd9

SHA-1:
e1dd7a80ddd4eef76abc7b9a353b22c26b638112

SHA-256:
b4fc007d6f69dd576d36dbbe6dbca8cf3f6df6e4cbc0d120af929d907ff1e404

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/24/2024 5:04:06 PM UTC

Scan engine            | Detection                                    | Engine version
Agnitum Outpost        | Riskware.Agent                               | 7.1.1
avast!                 | Win32:Evo-gen [Susp]                         | 2014.9-150622
AVG                    | Potentially harmful program Downloader       | 2016.0.3070
Baidu Antivirus        | PUA.Win32.ELEX                               | 4.0.3.15622
Bkav FE                | W32.HfsAdware                                | 1.3.0.6379
Dr.Web                 | Adware.Mutabaha.228, Adware.Mutabaha.193     | 9.0.1.0173
ESET NOD32             | Win32/ELEX.CE potentially unwanted (variant) | 9.11318
herdProtect (fuzzy)    |                                              | 2015.6.22.17
K7 AntiVirus           | Trojan                                       | 13.203.15859
Malwarebytes           | PUP.Optional.IStartSurf.A                    | v2015.03.16.08
Reason Heuristics      | PUP.Installer.FuyuanZhou                     | 15.3.16.20
Sophos                 | PUA 'Elex' (of type Adware)                  | 5.14
Trend Micro House Call | Suspicious_GEN.F47V0311                      | 7.2.75
VIPRE Antivirus        | BehavesLike.Win32.Malware.sfd (mx-v)         | 38406

File size:
477.1 KB (488,544 bytes)

Product version:
6,3,7601,1997

Copyright:
bsw

Original file name:
bsw

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup_magic_ct.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, S=Jilin, L=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F23159AB625CE992A314C35F55B4F8E

File PE Metadata
Compilation timestamp:
3/10/2015 4:01:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:7gKwApSwinX2pLaVHUS34Dxr56+ISxyGag/+n5o9PTBuZcZsAWYI:Cmw0cI156+IIyvncPTwZc3WYI

Entry address:
0x203AC

Entry point:
E8, A4, 6F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B4, CB, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 90, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B4, CB, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85...

Entropy:
6.3639

Code size:
338.5 KB (346,624 bytes)

The file setup_magic_ct.exe has been seen being distributed by the following URL.
