teez.exe

CHummer

Luftix Limited

The application teez.exe, “Description is empty” by Luftix Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from upd.files-download-23.com.
Publisher:
Elit -e - Company  (signed by Luftix Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 5, 13, 0

MD5:
2f737dc5874269dec8e8056b9088cfaf

SHA-1:
77735574c340cc1ddea573942844b30e41a7d7a6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 11:05:23 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Luftix (M)
16.2.6.0

File size:
45.9 KB (46,984 bytes)

Product version:
3, 5, 13, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\teez.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/22/2013 2:00:00 AM

Valid to:
11/23/2015 1:59:59 AM

Subject:
CN=Luftix Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Luftix Limited, L=Limassol, S=Limassol, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A7F4B2BE2CD0298681BD484A9D66769

File PE Metadata
Compilation timestamp:
9/5/2014 5:53:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:/Owfivq/RsoZNUYbmSChHUborYp9vZ12CTC9Yd/a1nye:33mhhfYp9x12CTC9Yd/aye

Entry address:
0x3210

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 0C, 53, 56, 57, 8D, 44, 24, 10, 50, C7, 44, 24, 14, 08, 00, 00, 00, C7, 44, 24, 18, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, 68, A0, 1F, B9, 00, 6A, 00, FF, 15, 94, 40, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 68, A0, 1F, B9, 00, FF, 15, 8C, 40, 40, 00, 8B, F8, 83, FF, FF, 0F, 84, 30, 01, 00, 00, E8, BA, E3, FF, FF, 57, 8B, 3D, 90, 40, 40, 00, 8A, D8, FF, D7, 84, DB, 0F, 84, 18, 01, 00, 00, 66, 83, 3D, C8, A0, 40, 00...
 
[+]

Entropy:
5.9779

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)

The file teez.exe has been seen being distributed by the following URL.

Remove teez.exe - Powered by Reason Core Security