smt_istartsurf.exe

Shulan Hou

The application smt_istartsurf.exe by Shulan Hou has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Shulan Hou  (signed and verified)

MD5:
021972f85d3e4152f41d9af0ab369c18

SHA-1:
7837cdcd61c60982b7ab385731a7da5fe65baa42

SHA-256:
86f417acca64a16aba95f8ca7e171ecf6522264609354a1977f42177d7d19f2c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/25/2024 9:26:40 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.10.24.15

File size:
655.6 KB (671,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\smt_istartsurf.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/23/2014 9:00:00 PM

Valid to:
1/6/2016 9:00:00 AM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F2577198BBF58AC5F13AC0B95180508

File PE Metadata
Compilation timestamp:
3/31/2015 4:45:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Xd8QkoEGrfnap6Lf7ouRcH/8sefPW51h/a148rCZ5nFfyVBsqVxVey:6vhG1wuREeEO1JMFFfy9Xt

Entry address:
0x29EB7

Entry point:
FC, 7E, CA, D3, 68, 2B, 32, B4, 98, B1, 97, 45, B0, 35, 9B, 4D, E6, 74, 24, 61, 25, 0C, 54, 8A, 05, C9, 50, 51, 18, E3, FC, 78, 8B, 21, E3, 44, CB, 23, 69, A2, 5D, 5C, F2, 71, 35, 3A, 83, 04, 9C, 58, BB, 8C, 43, 91, 45, E1, 45, 50, 38, 0B, 64, 53, DC, 89, 62, 2D, CA, 02, 1E, 4A, 87, D0, E3, 1E, 27, E9, 8F, 29, 27, 68, 6E, 11, 77, 2F, 08, FE, 34, 9C, 8D, E1, 71, 82, A2, 4F, 38, B5, C6, 3B, 0C, B3, 14, E7, 34, DF, 13, 04, 92, E9, 91, 3D, 58, 51, 51, EA, D6, 43, 10, F1, 26, CA, E3, 0A, 20, 69, 2E, 0E, 53, CC...
 

Code size:
468.5 KB (479,744 bytes)
