wjozzcqfi3qfrmriijngxbwjozzcqfi3qfrmriijngxb_a9.exe

4188_pcm_istartsurf

Taiming Li

The application wjozzcqfi3qfrmriijngxbwjozzcqfi3qfrmriijngxb_a9.exe by Taiming Li has been detected as adware by 6 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 4threquest.me.
Publisher:
Welnk.com  (signed by Taiming Li)

Product:
4188_pcm_istartsurf

Description:
Welnk

Version:
6.6.86.1636

MD5:
5166906c5097e306246f7b7b33cc0243

SHA-1:
9b005b6f4c544d18d612f40578c11b0d99c93ada

SHA-256:
d86eb47dba0dbf72aca1a195f88aa532355477ab460685563a90da57524433e5

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/24/2024 6:39:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Adware.Mutabaha.590 | 9.0.1.0210 |
| herdProtect (fuzzy) | | 2015.9.2.7 |
| Malwarebytes | PUP.Optional.IStartSurf.ShrtCln | v2015.07.29.07 |
| Quick Heal | PUA.MSJDGBTIR.OD6 | 7.15.14.00 |
| Reason Heuristics | PUP.Ma Lin.ELEX (M) | 15.7.29.19 |

File size:
504 KB (516,064 bytes)

Product version:
6.6.86.1000

Copyright:
Copyright (C) Welnk 2006

Original file name:
WeLink.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\owjozzcqfi3qfrmriijngxbwjozzcqfi3qfrmriijngxb\wjozzcqfi3qfrmriijngxbwjozzcqfi3qfrmriijngxb_a9.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/7/2014 9:00:00 PM

Valid to:
12/16/2015 9:00:00 AM

Subject:
CN=Taiming Li, O=Taiming Li, L=Shennongjia, S=Hubei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C261849DE7A4965D53FC6325143E03

File PE Metadata
Compilation timestamp:
7/21/2015 11:19:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:3EiWZCiL2jo0LIcAQ9isHb2gSKb5xn6w7ogngnomso:UiWcE2jo0SQHHSc5J97Jngnlso

Entry address:
0xF479

Entry point:
E8, 6E, CC, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 88, A5, 45, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 08, A2, 45, 00, C9, C2, 08, 00, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00...
 

Code size:
356 KB (364,544 bytes)

The file wjozzcqfi3qfrmriijngxbwjozzcqfi3qfrmriijngxb_a9.exe has been seen being distributed by the following URL.