» xpvistawin7-ommoo11018@81_375493.exe
Overview
Analysis
File Details
Downloads (6)

xpvistawin7-ommoo11018@81_375493.exe

Downloader

Maanshan Zhiye Software Technology Co.,Ltd.

The application xpvistawin7-ommoo11018@81_375493.exe by Maanshan Zhiye Software Technology Co.,Ltd has been detected as a potentially unwanted program by 30 anti-malware scanners. The file has been seen being downloaded from url.downxia.com and multiple other hosts.

File name:

Publisher:

Maanshan Zhiye Software Technology Co.,Ltd. (signed and verified)

Product:

Downloader

Version:

6.6.6.12

MD5:

d54b530d8cb2796f3c2f288453a94126

SHA-1:

e747226a20fff324401b1a22980cf959e450dd09

SHA-256:

c60ce376e48fe235d5a772199c0ea3db35911e2ce63b73dbcdd6ab0812ad2f4a

Scanner detections:

30 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 1:01:56 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.1438389

555

Agnitum Outpost

PUA.Qjwmonkey

7.1.1

AhnLab V3 Security

PUP/Win32.MultiPlug

2015.07.30

Avira AntiVirus

ADWARE/Qjwmonkey.B

8.3.1.6

Arcabit

Application.Generic.D15F2B5

1.0.0.425

avast!

Win32:Adware-gen [Adw]

2014.9-150729

AVG

Generic6

2016.0.3033

Baidu Antivirus

Adware.Win32.Qjwmonkey

4.0.3.15729

Bitdefender

Application.Generic.1438389

1.0.20.1050

Bkav FE

W32.HfsAdware

1.3.0.6979

Clam AntiVirus

Win.Adware.Multiplug-47165

0.98/21511

Dr.Web

Adware.Qjwmonkey.28

9.0.1.0210

ESET NOD32

Win32/Adware.Qjwmonkey (variant)

9.12013

Fortinet FortiGate

Riskware/BindEx

7/29/2015

F-Prot

W32/Qjwmonkey.A.gen

v6.4.7.1.166

G Data

Application.Generic.1438389

15.7.25

IKARUS anti.virus

not-a-virus:Downloader.BindEx

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.207.16726

Kaspersky

not-a-virus:Downloader.Win32.BindEx

14.0.0.1660

Malwarebytes

Adware.Qjwmonkey

v2015.07.29.11

McAfee

RDN/PUP-FXI

5600.6689

MicroWorld eScan

Application.Generic.1438389

16.0.0.630

NANO AntiVirus

Riskware.Win32.Qjwmonkey.dtikwj

0.30.24.2668

Panda Antivirus

Trj/Genetic.gen

15.07.29.11

Quick Heal

Downloader.BindEx.r5 (Not a Virus)

7.15.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.12.15.0

Sophos

Generic PUA OH

4.98

Trend Micro

TROJ_GEN.R0EBC0EGR15

10.465.29

Vba32 AntiVirus

Downloader.BindEx

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

42436

File size:

667.4 KB (683,400 bytes)

Product version:

6.6.6.12

Original file name:

Downloader

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Common path:

C:\users\{user}\downloads\xpvistawin7-ommoo11018@81_375493.exe

Digital Signature

Signed by:

Maanshan Zhiye Software Technology Co.,Ltd.

Authority:

WoSign CA Limited

Valid from:

6/23/2015 4:16:36 PM

Valid to:

6/23/2016 4:16:36 PM

Subject:

CN="Maanshan Zhiye Software Technology Co.,Ltd.", O="Maanshan Zhiye Software Technology Co.,Ltd.", L=Maanshan, S=Anhui, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

3D7C777EF58CFA82C4E91062E6F9F17E

File PE Metadata

Compilation timestamp:

6/26/2015 6:16:49 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:7GBRv73faZtijmqSH46hxnkNUNZyF1+Ox66:KBNOZMjmdH1xnkNU41+Oxj

Entry address:

0x164BB

Entry point:

E8, 69, 86, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 70, A5, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 8A, 43, 00, 01, 0F, 82, 48, 88, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1... 
[+]

Entropy:

6.8165

Code size:

168.5 KB (172,544 bytes)

The file xpvistawin7-ommoo11018@81_375493.exe has been seen being distributed by the following 6 URLs.

http://url.downxia.com/.../?????????????? V2.3 ???@34_69980.exe

http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=4126383

http://xiazai.zol.com.cn/down.php?nn=cf369a8b062619e15&softid=131571&subcateid=56&site=10&server=10&rand=6121852

http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=1030058

http://xiazai.zol.com.cn/down.php?nn=bc29f4c14ea51514c&softid=135373&subcateid=327&site=10&server=10&rand=4703216

http://xiazai.zol.com.cn/down.php?nn=16410870a7e32f26c&softid=26465&subcateid=325&site=10&server=10&rand=2355270

Remove xpvistawin7-ommoo11018@81_375493.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.