TMain.exe

2881_face_istartsurf

Xiaoqing Liu

The file TMain.exe by Xiaoqing Liu has been detected as adware by 9 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.girlquzijin.com.
Publisher:
TabMain (signed by Xiaoqing Liu)

Product:
2881_face_istartsurf

Description:
TabMain

Version:
6.3.76.1530

MD5:
78691b85d352a08a0e227e9efc6f20ef

SHA-1:
772db2bf755d86ffec1d3626e2024a9251e6ee66

SHA-256:
ad5162260acdc383ca095dc33a07c5d27498d0672cd6453f95f4f249f07b35d4

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/23/2024 5:18:53 PM UTC

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-150324

AVG
Potentially harmful program Downloader
2016.0.3161

Baidu Antivirus
PUA.Win32.ELEX
4.0.3.15324

Dr.Web
Adware.Mutabaha.228
9.0.1.0167

ESET NOD32
Win32/ELEX.CF potentially unwanted application
9.7.0.302.0

herdProtect (fuzzy)
2015.6.29.6

K7 AntiVirus
Adware
13.202.15361

Malwarebytes
PUP.Optional.IStartSurf.A
v2015.03.24.09

Reason Heuristics
PUP.Li Mo
15.3.24.9

File size:
548.4 KB (561,608 bytes)

Product version:
6.3.76.1530

Copyright:
Copyright (C) 2014

Original file name:
TMain.exe

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\nsg45c4.tmp

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/13/2014 2:00:00 AM

Valid to:
8/17/2015 2:00:00 PM

Subject:
CN=Xiaoqing Liu, O=Xiaoqing Liu, L=Zaozhuang, S=Shandong, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0EBAB4AC38B70A33EE517D238BDE49D7

File PE Metadata
Compilation timestamp:
3/4/2015 11:52:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:wwruOBP7y9zxCO8Ng8dX3CzG0fjMs/hO57UMfoRAa4kTp210l:c4gAHgDfjX/hWU+odNTp2yl

Entry address:
0x3117E

Entry point:
E8, 61, C7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 50, 15, 46, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 18, 11, 46, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05...

Code size:
383 KB (392,192 bytes)

The file TMain.exe has been seen being distributed by the following URL.
