vtt_omiga-plus.exe

599_vtt

Hefei Zhimingxingtong Software&Technology Co., Ltd.

The application vtt_omiga-plus.exe by Hefei Zhimingxingtong Software&Technology Co. has been detected as a potentially unwanted program by 22 anti-malware scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. It is typically executed from the user's temporary directory. The file has been seen being downloaded from i.nextupsw.com.

Publisher:
Hefei Zhimingxingtong Software&Technology Co., Ltd.

Product:
599_vtt

Description:
File Work

Version:
14.4.4.18

MD5:
5ba1ff4387245780830a0b277bc40b58

SHA-1:
275117d2cc52b4c99b41d06ca910da3ac64760c2

SHA-256:
b203c591dc6fc11f7f1b7d335fbbd275ba3d686207c8667e7bd49a7ef1bd88a9

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:02:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.ELEX | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.07.26 |
| Avira AntiVirus | TR/Dldr.JQVM | 7.11.163.248 |
| AVG | Downloader.Generic13 | 2015.0.3396 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.1471 |
| Dr.Web | Adware.Mutabaha.56 | 9.0.1.0213 |
| ESET NOD32 | Win32/ELEX.AQ (variant) | 8.10154 |
| Fortinet FortiGate | Adware/ELEX | 8/1/2014 |
| herdProtect (fuzzy) | | 2014.9.2.18 |
| K7 AntiVirus | Riskware | 13.181.12846 |
| Kaspersky | not-a-virus:AdWare.Win32.ELEX | 14.0.0.3475 |
| Malwarebytes | PUP.Optional.SearchHijacker.A | v2014.07.01.06 |
| McAfee | Artemis!FEC3A8922794 | 5600.7082 |
| NANO AntiVirus | Riskware.Win32.ELEX.dcibld | 0.28.2.60990 |
| Qihoo 360 Security | Win32/Trojan.a67 | 1.0.0.1015 |
| Reason Heuristics | PUP.HefeiZhimingxingtongSoftwareTechnologyCo.O | 14.7.10.1 |
| Rising Antivirus | PE:Worm.Rebhip!1.64F0 | 23.00.65.14629 |
| Sophos | Generic PUA NO | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Rebnip | 10449 |
| Trend Micro House Call | Suspicious_GEN.F47V0717 | 7.2.182 |
| Vba32 AntiVirus | AdWare.ELEX | 3.12.26.3 |

File size:
622.2 KB (637,112 bytes)

Product version:
14.4.4.18

Copyright:
Copyright (C) 2014

Original file name:
FileWork.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vtt_omiga-plus.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/29/2013 7:07:05 AM

Valid to:
10/30/2014 7:07:05 AM

Subject:
CN="Hefei Zhimingxingtong Software&Technology Co., Ltd.", O="Hefei Zhimingxingtong Software&Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219E374B1001FFC6B983B5DE082D65401A

File PE Metadata
Compilation timestamp:
6/26/2014 10:29:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:6qxrcG9PMGOqVyHjCb6xByDdcl3A/IdppSdBK6HuIRAr0DpKt14I0Lxy:6qx990GOqVnIGzK6HueJwtMLw

Entry address:
0x4E2AF

Code size:
417 KB (427,008 bytes)

The file vtt_omiga-plus.exe has been seen being distributed by the following URL.
