wpc_mystartsearch.exe

2644_wpc_mystartsearch

Fuyuan Zhou

The application wpc_mystartsearch.exe by Fuyuan Zhou has been detected as adware by 2 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from www.girlyangshijian.com and multiple other hosts.
Publisher:
TabMain  (signed by Fuyuan Zhou)

Product:
2644_wpc_mystartsearch

Description:
TabMain

Version:
6.3.76.1520

MD5:
0dda4ecb3b7cbbad43a6f0b8737b9ba5

SHA-1:
0d109491204124c59fdd564acf38d735a7a5e495

SHA-256:
8609c46a929ebe0b0c80865199ff7c7230fd9dc7ba641fa7ccbd2ab69c486ed7

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/24/2024 6:42:30 PM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.MyStartSearch.A | v2015.02.09.08
Reason Heuristics | PUP.FuyuanZhou | 15.2.14.11

File size:
283.6 KB (290,400 bytes)

Product version:
6.3.76.1520

Copyright:
Copyright (C) 2014

Original file name:
TMain.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\wpc_mystartsearch.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B378A1487E66949A44C8CAE23820481

File PE Metadata
Compilation timestamp:
1/23/2015 8:15:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:W6/ZOcQQenUR7erRDZba2EGmiXnLlzupz6:WoAQenNRNbaNiXnLP

Entry address:
0x1386B

Entry point:
E8, 22, C3, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 

Code size:
166.5 KB (170,496 bytes)

The file wpc_mystartsearch.exe has been seen being distributed by the following 2 URLs.
