suptab_v5.8.8.777_noblank_amy.exe

Liyan Liu

The application suptab_v5.8.8.777_noblank_amy.exe by Liyan Liu has been detected as adware by 3 anti-malware scanners. This is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During install it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives. It is also typically executed from the user's temporary directory.
Publisher:
Liyan Liu  (signed and verified)

Version:
5.8.8.777

MD5:
65168093aa74504f0f7eb2d8661ec536

SHA-1:
e59b76efac5404aa00d7049f272611830615c79e

SHA-256:
4c019debebd85a9547173e2c72ada68d5c179850e8bc64f2a18f02b1b5b513b7

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
12/25/2024 1:02:54 AM UTC  (today)

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.141022
Reason Heuristics | PUP.LiyanLiu.AA | 14.10.22.7
VIPRE Antivirus | Elex Installer | 34124

File size:
2.5 MB (2,626,528 bytes)

Product version:
5.8.8.777

Copyright:
Copyright (C) 2014

Original file name:
SupPacke.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\suptab_v5.8.8.777_noblank_amy.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 3:00:00 AM

Valid to:
7/27/2015 3:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
10/20/2014 12:41:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:9H+zfnxlOYZ8WhsHyNIQ1zga6l3AhlzrT15ospf63krE/NBRFT51NuA90EhG3Xza:RInTDPhvaQpL6lwhlzrTXw3NbXuEhGnu

Entry address:
0x4EACD

Entry point:
E8, DF, 5B, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 3A, 24, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 6C, 67, 47, 00, 74, 11, A1, 2C, 68, 47, 00, 85, 42, 70, 75, 07, E8, 62, 5F, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, A0, 60, 47, 00, 74, 15, 8B, 4E, 08, A1, 2C, 68, 47, 00, 85, 41, 70, 75, 08, E8, DD, 4E, 00, 00, 89, 46, 04, 8B, 4E, 08, 8B, 41, 70, A8, 02, 75, 16, 83, C8, 02, 89, 41, 70, C6, 46, 0C, 01, EB...
 

Code size:
374 KB (382,976 bytes)
