» vau6606.tmp.exe
Overview
Analysis
File Details

vau6606.tmp.exe

4208_ium6_mystartsearch

Taiming Li

The application vau6606.tmp.exe by Taiming Li has been detected as adware by 7 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

vau6606.tmp.exe

Publisher:

Welnk.com (signed by Taiming Li)

Product:

4208_ium6_mystartsearch

Description:

Welnk

Version:

6.6.86.1640

MD5:

d6d554d82aecc4512a1881471ad66ca7

SHA-1:

d73917f11ead52d0b15d5e49876f8f2a38d22d2f

SHA-256:

3753d888af34dba30eca33db4f5478841d702aa1625914c0b35bbfb64470d577

Scanner detections:

7 / 68

Status:

Adware

Analysis date:

11/1/2024 1:26:41 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAdware

1.3.0.6979

Dr.Web

Adware.Mutabaha.597

9.0.1.0249

herdProtect (fuzzy)

variant of tti_omniboxes.exe (Adware)

2015.9.6.17

Malwarebytes

PUP.Optional.IStartSurf.ShrtCln

v2015.09.06.05

NANO AntiVirus

Riskware.Win32.Mutabaha.dunath

0.30.24.2668

Quick Heal

PUA.MSJDGBTIR.OD6

9.15.14.00

Reason Heuristics

PUP.Ma Lin.ELEX (M)

15.8.2.1

File size:

276 KB (282,592 bytes)

Product version:

6.6.86.1000

Original file name:

WeLink.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\vau6606.tmp.exe

Digital Signature

Signed by:

Taiming Li

Authority:

DigiCert Inc

Valid from:

12/7/2014 10:00:00 PM

Valid to:

12/16/2015 10:00:00 AM

Subject:

CN=Taiming Li, O=Taiming Li, L=Shennongjia, S=Hubei, C=CN

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

06C261849DE7A4965D53FC6325143E03

File PE Metadata

Compilation timestamp:

7/23/2015 7:47:48 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:DoxCDGaymlXtzSCelgS/oOvtmOcnxY/HkQhpJt:DjaNm8ll/oOFmXnendt

Entry address:

0x13584

Entry point:

E8, 87, B7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 18, 95, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 60, 91, 42, 00, C9, C2, 08, 00, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4... 
[+]

Code size:

160 KB (163,840 bytes)

Remove vau6606.tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.