ainishare.exe

Ainishare Free Center

Hengyida Information Technology CO.,LTD.

The application ainishare.exe by Hengyida Information Technology CO.,LTD has been detected as adware by 4 anti-malware scanners. This is a setup program which is used to install the application. It includes the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to opt out during or after the installation process. The file has been seen being downloaded from download.gilisoft.com and multiple other hosts.
Publisher:
Ainishare.com (signed by Hengyida Information Technology CO.,LTD.)

Product:
Ainishare Free Center

Version:
1.0.0

MD5:
233f28e2afd9dc331a83f3d3cba907ec

SHA-1:
eb9fbd40e3a9107b3212e8d973d8cbacf5007f43

SHA-256:
b9f9fd61e0a3612af5682837ad00ad489bc6d02d8479ba968ba885c8ab16c6b1

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/26/2024 6:55:44 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Downware.2013 | 9.0.1.0245
Malwarebytes | PUP.Optional.Somoto.A | v2014.09.02.12
McAfee | Artemis!233F28E2AFD9 | 5600.7020
Reason Heuristics | PUP.Installer.HengyidaInformationTechnologyCOLTD | 15.4.2.1

File size:
1.7 MB (1,746,296 bytes)

Product version:
1.0.0

Copyright:
Copyright © 2008-2014 Ainishare International LLC.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ainishare.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/15/2014 3:35:57 AM

Valid to:
1/15/2015 3:35:57 AM

Subject:
CN="Hengyida Information Technology CO.,LTD.", E=EastRiverGroup@yahoo.com, O="Hengyida Information Technology CO.,LTD.", L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
166DAF8F034BBD9BE8EBE24044970524

File PE Metadata
Compilation timestamp:
10/9/2012 3:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:03yr38Ddjwg7bCUt4NVH6O0NDZ8sRCcmWAS0eDbUH5Z/D9kqtZaTm:rLkjwgKb330os4+tFDWHZ6m

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 

Entropy:
7.9639

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file ainishare.exe has been seen being distributed by the following 2 URLs.
