´˵ұ˸(´˵)v3.exe

Downloader

Ruifeng Network Technology Co., Ltd.

The application ´˵ұ˸(´˵)v3.exe by Ruifeng Network Technology Co. has been detected as adware by 23 anti-malware scanners. The file has been seen being downloaded from count.ddooo.com and multiple other hosts.
Publisher:
Ruifeng Network Technology Co., Ltd. (signed and verified)

Product:
Downloader

Version:
6.0.3.9

MD5:
6a628ef472c14b8cb41531beb33dcdd8

SHA-1:
34f8ebbb669eea622c4bc58bcb604f1a6d493cbb

SHA-256:
987ec6a12998481e302b38e65451446a1042ac321aebd3c7e2fade18a287293c

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/23/2024 9:51:57 PM UTC

Scan engine             Detection                          Engine version
Lavasoft Ad-Aware       Adware.Agent.PLH                   661
Agnitum Outpost         PUA.Qjwmonkey                      7.1.1
avast!                  Win32:Adware-gen [Adw]             2014.9-150404
AVG                     Generic6                           2016.0.3150
Bitdefender             Adware.Agent.PLH                   1.0.20.525
Comodo Security         Application.Win32.Qjwmonkey.ADH    21620
Dr.Web                  Adware.Qjwmonkey.7                 9.0.1.094
Emsisoft Anti-Malware   Adware.Agent.PLH                   8.15.04.15.03
ESET NOD32              Win32/Adware.Qjwmonkey (variant)   9.11419
Fortinet FortiGate      Riskware/Qjwmonkey                 4/15/2015
F-Secure                Adware.Agent.PLH                   11.2015-15-04_4
G Data                  Adware.Agent.PLH                   15.4.25
herdProtect (fuzzy)                                        2015.7.8.11
IKARUS anti.virus       PUA.Qjwmonkey                      t3scan.1.8.9.0
K7 AntiVirus            Adware                             13.202.15470
Malwarebytes            PUP.Optional.Chad                  v2015.04.15.03
McAfee                  Artemis!91289404FFA8               5600.6711
MicroWorld eScan        Adware.Agent.PLH                   16.0.0.315
NANO AntiVirus          Riskware.Win32.Qjwmonkey.dqafrm    0.30.8.659
Reason Heuristics       PUP.RuifengNetworkTechnologyCo     15.4.24.0
Sophos                  Ruifeng                            4.98
Trend Micro House Call  Suspicious_GEN.F47V0401            7.2.189
VIPRE Antivirus         Adware Trojan.Win32.Generic        38838

File size:
675.3 KB (691,456 bytes)

Product version:
6.0.3.9

Original file name:
Downloader

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/14/2015 4:05:07 AM

Valid to:
1/14/2016 4:05:07 AM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
3/28/2015 9:42:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:8zAhsY9teZqEmqSHPr6h4jAzJGXCx3eK4jy1aH+:8k3yZpmdHPc6AFGyxf6y1ae

Entry address:
0x156EB

Entry point:
E8, C9, 92, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B8, 9C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 8A, 43, 00, 01, 0F, 82, A8, 94, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...

Entropy:
7.1149

Code size:
168.5 KB (172,544 bytes)

The file ´˵ұ˸(´˵)v3.exe has been seen being distributed by the following 4 URLs.
