home

thunder_dl_7.9.40.5006review@81_135373.exe

downloader of lewell

Hefei Lewei Information Technology Co.,Ltd.

The application thunder_dl_7.9.40.5006review@81_135373.exe by Hefei Lewei Information Technology Co.,Ltd has been detected as a potentially unwanted program by 10 anti-malware scanners. The file has been seen being downloaded from xiazai.zol.com.cn and multiple other hosts.
Publisher:
Hefei Lewei Information Technology Co.,Ltd.  (signed and verified)

Product:
downloader of lewell

Version:
1.0.0.1

MD5:
d634ba0f69c29a8b8944a3838f8ee9a4

SHA-1:
d384b6444aa2104e84bffb165c9676eeec91fe43

SHA-256:
e9d29dbf37ca8c31c4555ac8b003458f46af82b3fdadb00b1e69eaf7004abd89

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:08:58 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Qjwmonkey.cfk
8.3.2.2

avast!
Win32:Adware-gen [Adw]
2014.9-151114

AVG
Generic7
2016.0.2926

Baidu Antivirus
Adware.Win32.Qjwmonkey
4.0.3.151114

Comodo Security
ApplicUnwnt
23581

Dr.Web
Adware.Qjwmonkey.47
9.0.1.0318

ESET NOD32
Win32/Adware.Qjwmonkey (variant)
9.12561

Fortinet FortiGate
Riskware/Qjwmonkey
11/14/2015

K7 AntiVirus
Adware
13.212.17847

VIPRE Antivirus
Trojan.Win32.Generic
45198

File size:
722.6 KB (739,920 bytes)

Product version:
1.0.0.1

Original file name:
downloader of lewell

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\thunder_dl_7.9.40.5006review@81_135373.exe

Digital Signature
Signed by:
Hefei Lewei Information Technology Co.,Ltd.

Authority:
WoSign CA Limited

Valid from:
10/29/2015 2:17:37 PM

Valid to:
10/29/2016 2:17:37 PM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
11/5/2015 7:46:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:zWN4Z2tkBn7v+F4FoZTDBgXSvnpCnfBRBq8BZhrnkNUNiyFSdMqP:zWuZ2k64Fc0nfBRBLtrnkNU/SdMqP

Entry address:
0x1E92B

Entry point:
E8, 89, A2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, C5, A3, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...
 
[+]

Entropy:
6.4197

Code size:
213 KB (218,112 bytes)

The file thunder_dl_7.9.40.5006review@81_135373.exe has been seen being distributed by the following 4 URLs.

http://xiazai.zol.com.cn/down.php?softid=430925&subcateid=279&site=10&checkStr=5a4cde5fe66f2001e&pos=wtgs1&rand=357960

http://up.sd.baidu.com/?rh=012EA05E880D5A8C8AB7E59B62EE4280&baidusign=25361497&baidurand=9342

http://xiazai.zol.com.cn/down.php?nn=4c62de6d84661e0ac&softid=415413&subcateid=58&site=10&server=10&rand=8940828

http://url.downxia.com/.../???@34_106819.exe

Remove thunder_dl_7.9.40.5006review@81_135373.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.