acdsee+18注册机(序列号)@316_46181.exe

downloader

Hefei Lewei Information Technology Co., Ltd.

The application acdsee+18注册机(序列号)@316_46181.exe by Hefei Lewei Information Technology Co. has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from xiazai.zol.com.cn and multiple other hosts. While running, it connects to the Internet address 158.226.204.221.adsl-pool.sx.cn on port 80 using the HTTP protocol.
Publisher:
Hefei Lewei Information Technology Co., Ltd.

Product:
downloader

Version:
1.0.2.1110

MD5:
6b107449524d0f1fecab0af024b9f7a2

SHA-1:
35ad7db3e8d0d3ba39e83dbd6e063a1fe9731a37

SHA-256:
ced1d7d569e77fd77005410a6910edcd36d38273bb0ff60c1980f766d884f898

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
5/14/2024 2:28:51 PM UTC

Scan engine                    Detection                                          Engine version
Lavasoft Ad-Aware              Gen:Variant.Strictor.112384                        72
AegisLab AV Signature          Gen.Variant.Strictor!c                             2.1.4+
Avira AntiVirus                ADWARE/Qjwmonkey.gfell                             8.3.3.4
Arcabit                        Trojan.Strictor.D1B700                             1.0.0.788
avast!                         Win32:Adware-gen [Adw]                             2014.9-161124
Bitdefender                    Gen:Variant.Strictor.112384                        1.0.20.1645
Bkav FE                        W32.eHeur.Malware08                                1.3.0.8455
Dr.Web                         Adware.Qjwmonkey.92                                9.0.1.0329
Emsisoft Anti-Malware          Gen:Variant.Strictor.112384                        8.16.11.24.03
ESET NOD32                     Win32/Adware.Qjwmonkey (variant)                   10.14485
Fortinet FortiGate             Riskware/Qjwmonkey                                 11/24/2016
F-Secure                       Gen:Variant.Strictor.112384                        11.2016-24-11_5
G Data                         Gen:Variant.Strictor.112384                        16.11.25
IKARUS anti.virus              PUA.Qjwmonkey                                      t3scan.2.1.16.0
K7 AntiVirus                   Adware                                             13.245.21584
Kaspersky                      not-a-virus:Downloader.Win32.Agent                 14.0.0.-756
McAfee                         Artemis!6B107449524D                               5600.6206
Microsoft Security Essentials  BrowserModifier:Win32/Qiwmonk                      1.1.13303.0
MicroWorld eScan               Gen:Variant.Strictor.112384                        17.0.0.987
Panda Antivirus                Trj/CI.A                                           16.11.24.03
Rising Antivirus               Malware.BrowserModifier!8.282-wx1AzIoqPeQ (cloud)  23.00.65.161122
Sophos                         QjMonkey (PUA)                                     4.98
SUPERAntiSpyware               PUP.Bundler/Variant                                8757
ViRobot                        Adware.Strictor.878552[h]                          2014.3.20.0

File size:
858 KB (878,552 bytes)

Product version:
1.0.2.1110

Original file name:
downloader

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\acdsee+18注册机(序列号)@316_46181.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
7/21/2016 9:48:45 AM

Valid to:
10/21/2017 9:48:45 AM

Subject:
CN="Hefei Lewei Information Technology Co., Ltd.", O="Hefei Lewei Information Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
442B4BD7C6E9DFE2FE113E4884E56936

File PE Metadata
Compilation timestamp:
11/10/2016 8:44:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:D/qCSVCo4Iu8BQyja2Qz3MNRNQdKnRFSLLVBBN/4d+V:DZalvtN5Qz3MNRGEnRIL34dq

Entry address:
0x197490

Entry point:
60, BE, 00, C0, 4C, 00, 8D, BE, 00, 50, F3, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8722

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
816 KB (835,584 bytes)

The file acdsee+18注册机(序列号)@316_46181.exe has been seen being distributed by the following 13 URLs.

http://xiazai.zol.com.cn/down.php?softid=422718&subcateid=34&site=10&checkStr=33887f07a13478aec&pos=dxgs2&rand=5861f3

http://10081.url.7wkw.com/.../Zoom@34_181874.exe

http://url.222bz.com/.../Cheat@34_151915.exe

http://count.ddooo.com/redirect.asp?sid=77758&rm=2&downurl=http://.../lantern_77758.rar

http://10137.url.246546.com/.../????????238_263680.exe

http://10074.url.246546.com/.../LG KDZ?????????(LG Flash Tool) ????????156_185604.exe

http://down10d.zol.com.cn/.../3__3112277__3f7372633d6c6d266c733d6e37396334346664343966__68616f2e3336302e636e__0caa@81_408418.exe

http://url.222bz.com/.../????2????@264_16890.exe

http://url.222bz.com/.../AdobeReaderXI(pdf??????)v11.0.11.18?€?????????@136_26288.exe

http://url.222bz.com/.../visio 2010 ????(visio????) ???(??“KMS”)@156_135360.exe

http://down10d.zol.com.cn/.../cexiugaiqi-v6.6@81_427241.exe

http://down10d.zol.com.cn/.../fm727chb174_build_setup@81_34013.exe

http://url.222bz.com/.../Balsamiq Mockups 3.3.3 ????? ????????????@67_103223.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 158.226.204.221.adsl-pool.sx.cn (221.204.226.158:80)

TCP (HTTP):
Connects to dns187.online.tj.cn (111.161.3.187:80)

TCP (HTTP):
Connects to reverse.gdsz.cncnet.net (58.251.148.139:80)

Powered by Reason Core Security