home

529_bxk_istart.webssearches.com.exe

529_bxk

Hefei Zhimingxingtong Software&Technology Co., Ltd.

The application 529_bxk_istart.webssearches.com.exe by Hefei Zhimingxingtong Software&Technology Co. has been detected as a potentially unwanted program by 11 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Hefei Zhimingxingtong Software&Technology Co., Ltd.  (signed and verified)

Product:
529_bxk

Description:
File Work

Version:
14.4.4.13

MD5:
af3ac2bd79a178712e867562b1d49e1f

SHA-1:
a98f4fb52d69220994092b04ea233923b4e9308b

SHA-256:
89fa9ddbc2da388dc8ac9f2c18ba58461cb535aee68ce77e6d2559415c5b75fa

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:01:12 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Amonetiz
2014.07.31

AVG
Generic
2015.0.3397

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.14730

Dr.Web
Adware.Mutabaha.54
9.0.1.05190

ESET NOD32
Win32/ELEX.AL potentially unwanted application
7.0.302.0

herdProtect (fuzzy)
variant of smt_sweet-page_new.exe (PUP)
2014.9.10.10

Kaspersky
not-a-virus:AdWare.Win32.ELEX
14.0.0.3481

Malwarebytes
PUP.Optional.SearchHijacker.A
v2014.07.30.04

Reason Heuristics
PUP.HefeiZhimingxingtongSoftwareTechnologyCo.DD
14.7.30.15

Rising Antivirus
PE:Worm.Rebhip!1.64F0
23.00.65.14728

File size:
625.2 KB (640,184 bytes)

Product version:
14.4.4.13

Copyright:
Copyright (C) 2014

Original file name:
FileWork.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\0bbf0846_stp\529_bxk_istart.webssearches.com.exe

Digital Signature
Signed by:
Hefei Zhimingxingtong Software&Technology Co., Ltd.

Authority:
GlobalSign nv-sa

Valid from:
10/29/2013 7:07:05 AM

Valid to:
10/30/2014 7:07:05 AM

Subject:
CN="Hefei Zhimingxingtong Software&Technology Co., Ltd.", O="Hefei Zhimingxingtong Software&Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219E374B1001FFC6B983B5DE082D65401A

File PE Metadata
Compilation timestamp:
6/9/2014 10:37:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:zizhRMh7FVbkhPwhVZmEcZNCYE0kq6qh6VbVlbc4fEDyAs4fAA6h+t7xKa7KOZdP:mzhah7FVzVZiZNCYE9D8J6hA7KQ

Entry address:
0x4F3DF

Entry point:
E8, 04, 08, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 7C, BA, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, 3D, B8, FF, FF, 59, 33, C0, EB, 4D, 53, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, B0, 71, 48, 00, FF, 15, 48, D2, 46, 00, 8B, D8, 85, DB, 75, 5E, 39, 05, B4, 71, 48, 00, 74, 40, 56, E8, 24, 61, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, 14, 61, 00, 00, 59, E8, AB, C2, FF, FF, C7, 00, 0C, 00, 00, 00, 33, C0, 5B...
 
[+]

Code size:
430.5 KB (440,832 bytes)

Remove 529_bxk_istart.webssearches.com.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.