home

´˵ұ˸(´˵)v3.exe

Downloader

Ruifeng Network Technology Co., Ltd.

The application ´˵ұ˸(´˵)v3.exe by Ruifeng Network Technology Co. has been detected as adware by 23 anti-malware scanners. The file has been seen being downloaded from count.ddooo.com and multiple other hosts.
Publisher:
Ruifeng Network Technology Co., Ltd.  (signed and verified)

Product:
Downloader

Version:
6.0.3.9

MD5:
6a628ef472c14b8cb41531beb33dcdd8

SHA-1:
34f8ebbb669eea622c4bc58bcb604f1a6d493cbb

SHA-256:
987ec6a12998481e302b38e65451446a1042ac321aebd3c7e2fade18a287293c

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/23/2024 9:51:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PLH
661

Agnitum Outpost
PUA.Qjwmonkey
7.1.1

avast!
Win32:Adware-gen [Adw]
2014.9-150404

AVG
Generic6
2016.0.3150

Bitdefender
Adware.Agent.PLH
1.0.20.525

Comodo Security
Application.Win32.Qjwmonkey.ADH
21620

Dr.Web
Adware.Qjwmonkey.7
9.0.1.094

Emsisoft Anti-Malware
Adware.Agent.PLH
8.15.04.15.03

ESET NOD32
Win32/Adware.Qjwmonkey (variant)
9.11419

Fortinet FortiGate
Riskware/Qjwmonkey
4/15/2015

F-Secure
Adware.Agent.PLH
11.2015-15-04_4

G Data
Adware.Agent.PLH
15.4.25

herdProtect (fuzzy)
variant of download (1) (Adware)
2015.7.8.11

IKARUS anti.virus
PUA.Qjwmonkey
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.202.15470

Malwarebytes
PUP.Optional.Chad
v2015.04.15.03

McAfee
Artemis!91289404FFA8
5600.6711

MicroWorld eScan
Adware.Agent.PLH
16.0.0.315

NANO AntiVirus
Riskware.Win32.Qjwmonkey.dqafrm
0.30.8.659

Reason Heuristics
PUP.RuifengNetworkTechnologyCo
15.4.24.0

Sophos
Ruifeng
4.98

Trend Micro House Call
Suspicious_GEN.F47V0401
7.2.189

VIPRE Antivirus
Adware Trojan.Win32.Generic
38838

File size:
675.3 KB (691,456 bytes)

Product version:
6.0.3.9

Original file name:
Downloader

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Digital Signature
Signed by:
Ruifeng Network Technology Co., Ltd.

Authority:
WoSign CA Limited

Valid from:
1/14/2015 4:05:07 AM

Valid to:
1/14/2016 4:05:07 AM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
3/28/2015 9:42:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:8zAhsY9teZqEmqSHPr6h4jAzJGXCx3eK4jy1aH+:8k3yZpmdHPc6AFGyxf6y1ae

Entry address:
0x156EB

Entry point:
E8, C9, 92, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B8, 9C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 8A, 43, 00, 01, 0F, 82, A8, 94, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...
 
[+]

Entropy:
7.1149

Code size:
168.5 KB (172,544 bytes)

The file ´˵ұ˸(´˵)v3.exe has been seen being distributed by the following 4 URLs.

http://count.ddooo.com/redirect.asp?sid=60626&rm=2&downurl=http://.../sketchup2015_60626.rar

http://url.cncrk.com/.../texmod v1.0 ???@25_54827.exe

http://count.cncrk.com/setup.asp?id=54827

http://count.cncrk.com/Download.asp?flag=a&t=o12&ID=52949&sid=54827&URL=http://down.cncrk.com:8080/soft/.../&file=texmod.zip

Remove ´˵ұ˸(´˵)v3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.