wwaywqrhscskyy6_a7.exe

2054_pcm_webssearches

Ma Lin

The application wwaywqrhscskyy6_a7.exe by Ma Lin has been detected as adware by 26 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.2ndrequest.me and multiple other hosts.

Publisher:
JWTab (signed by Ma Lin)

Product:
2054_pcm_webssearches

Description:
Tab Syn

Version:
6.3.7601.1275

MD5:
cc955b6e6dd27d7b43cca41c8b79de50

SHA-1:
bb90741a666d5cd1d5161962a7d872f5ee42f3e4

SHA-256:
c48a3dcac21be37155d933f4d6264e99c94af9516d0daf6ee0569d6b43cb1298

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
12/25/2024 1:50:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Elex.1 | 6156172 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SearchHijacker | 2014.12.16 |
| AVG | Generic | 2015.0.3258 |
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.141216 |
| Bitdefender | Gen:Application.Elex.1 | 1.0.20.1750 |
| Dr.Web | Adware.Mutabaha.84 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Elex | 9.0.0.4668 |
| ESET NOD32 | Win32/LiMo.C potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/LiMo | 12/16/2014 |
| F-Prot | W32/Trojan3.MTL | 4.6.5.141 |
| F-Secure | Riskware.Gen:Application.Elex.1 | 5.13.68 |
| G Data | Gen:Application.Elex | 14.12.24 |
| IKARUS anti.virus | PUA.LiMo | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan | 13.187.14339 |
| Malwarebytes | PUP.Optional.Bundle | v2014.12.16.04 |
| McAfee | Trojan.Artemis!CC955B6E6DD2 | 16.8.708.2 |
| MicroWorld eScan | Gen:Application.Elex.1 | 15.0.0.1050 |
| NANO AntiVirus | Riskware.Win32.Mutabaha.djrxwq | 0.28.6.64267 |
| Norman | Gen:Application.Elex.1 | 04.12.2014 14:30:06 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.16.04 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.MaLin.S | 14.12.12.16 |
| Sophos | Generic PUA LL | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.53704 | 2.0.0.2006 |

File size:
285 KB (291,880 bytes)

Product version:
6.3.7601.1275

Copyright:
JWTab

Original file name:
Tab.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\wwaywqrhscskyy6_a7.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
11/24/2014 1:00:56 AM

Valid to:
7/24/2015 12:00:56 AM

Subject:
CN=Ma Lin, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
26954AE19A551B1D622A23C25DBE2503

File PE Metadata
Compilation timestamp:
11/13/2014 12:51:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:vhDG2kR1028HY3zugTBeRM3Znudpzr2SUUsb+4TdRnBHJbhlxOxtsEosyA+VxA:ZDnS1028HEugTB+IudV2l7dTzP1A+g

Entry address:
0x11DB6

Entry point:
E8, 43, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, CD, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 78, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, CD, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 

Code size:
167.5 KB (171,520 bytes)

The file wwaywqrhscskyy6_a7.exe has been seen being distributed by the following 2 URLs.
