wpc_mystartsearch.exe

3417_wpc_mystartsearch

Fuyuan Zhou

The application wpc_mystartsearch.exe by Fuyuan Zhou has been detected as adware by 12 anti-malware scanners.

Publisher:
768 (signed by Fuyuan Zhou)

Product:
3417_wpc_mystartsearch

Description:
768

Version:
6,3,7601,2068

MD5:
66626fe267b37ad56be5bafea39b21ba

SHA-1:
3aae8aa08ff18460cbf4a610f3e4c3430cfe7acb

SHA-256:
00e769971ea9cb78614b3aa2af588109a943e1da2761f63a12ee330bcbd10e5b

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
12/25/2024 2:27:36 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15420
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Mutabaha.278 | 9.0.1.05190
ESET NOD32 | Win32/ELEX.CE potentially unwanted (variant) | 9.11583
herdProtect (fuzzy) | | 2015.7.21.21
K7 AntiVirus | Adware | 13.203.15818
Malwarebytes | PUP.Optional.MyStartSearch.A | v2015.04.20.12
Quick Heal | PUA.MSJDGBTIR.OD6 | 4.15.14.00
Reason Heuristics | Threat.FuyuanZhou | 15.4.20.8
Sophos | Elex | 4.98
VIPRE Antivirus | Threat.4726263 | 39354

File size:
473.6 KB (484,960 bytes)

Product version:
6,3,7601,2068

Copyright:
mysl

Original file name:
768

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\temp\wpc_mystartsearch.exe

Digital Signature

Signed by:

Authority:
DigiCert Inc

Valid from:
1/15/2015 2:00:00 AM

Valid to:
1/20/2016 2:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08CA606335C89594E0B8D9706948A708

File PE Metadata

Compilation timestamp:
3/27/2015 12:00:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:jICUcYNzj0jO2WMux0Y7XZir3RYA2vfPW17aTBFZMf1sJoqmA:J2/fXC2Jir3Klvf47aTfZMfQmA

Entry address:
0x1F7DC

Entry point:
E8, 94, 6F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B4, BB, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B4, BB, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85...
 

Entropy:
6.3637

Code size:
335.5 KB (343,552 bytes)
