smt_oursurfing.exe

4964_smt_oursurfing

CHAODONG XIAO

The application smt_oursurfing.exe by CHAODONG XIAO has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
CHAODONG XIAO  (signed and verified)

Product:
4964_smt_oursurfing

Description:
Installer Module

Version:
1.0.0.2

MD5:
6b5c1e554c1d7434263b7a99ee2e16b6

SHA-1:
c0b99439427588c4f30cde986cadf07ad7326a7a

SHA-256:
375d820c83263539c26847855a464c3e32f5072e83cfa8bfd3d79ccaa06956f2

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/26/2024 3:05:28 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.151027

Dr.Web
Adware.Mutabaha.812
9.0.1.0300

ESET NOD32
Win32/ELEX.FK potentially unwanted (variant)
9.12472

K7 AntiVirus
Adware
13.212.17663

Malwarebytes
PUP.Optional.OurSeaching
v2015.10.27.06

Panda Antivirus
Trj/Genetic.gen
15.10.27.06

Reason Heuristics
Threat.Win.Reputation.IMP
15.10.27.18

Zillya! Antivirus
Adware.BrowseFox.Win32.122766
2.0.0.2477

File size:
538.8 KB (551,680 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\smt_oursurfing.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
10/27/2015 1:00:00 AM

Valid to:
10/21/2016 1:59:59 AM

Subject:
CN=CHAODONG XIAO, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
49899B24CF4F92E88D8A95807ECC70B7

File PE Metadata
Compilation timestamp:
10/15/2015 7:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:LOadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrC3:LEwgWCOEuvFM4+saDvXN9is

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 
[+]

Code size:
346.5 KB (354,816 bytes)

Remove smt_oursurfing.exe - Powered by Reason Core Security