chr.exe

Nosemay

Shanghai Yuntong Technology Co., Ltd.

The application chr.exe, “Nosemay Installer” by Shanghai Yuntong Technology Co., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It runs as a separate Windows service (within the context of its own process) named “Install Service(NosemayDL)”.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Product:
Nosemay

Description:
Nosemay Installer

Version:
1.0.0.1

MD5:
d062bb9c2d55c29ba4ede11906350488

SHA-1:
6645ffcadb129da200baed8a0e5771d679f8efc4

SHA-256:
18d45f76b6d44be55c0c050b3b777471743d35ea226ccb7bcd40060b1204bc4e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/31/2024 10:32:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Elex (M)

Engine version:
16.6.26.12

File size:
422.9 KB (433,032 bytes)

Product version:
50.27.2661.78

Copyright:
Copyright (C) 2016 Nosemay Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\tools\chr.exe

Digital Signature
Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Serial number:
1A3EAC6C38C71B1E4CE1FA41CFA093E5

File PE Metadata
Compilation timestamp:
5/30/2016 10:36:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:Nn0g+xVRD3yU4OX4pY6q75TnA6icfMUT6KvLTa/fr0gZEj8J+Cc5iS:b6Vlp4y4pRq757Ti2Mk6KvHa/QMDJ7TS

Entry address:
0x2A201

Entry point:
8F, 5C, 73, 00, 00, 8F, E7, C7, 8A, 96, 3C, ED, 8B, 53, 00, 96, 7C, EA, 95, 7D, 00, 96, 1C, 6E, 98, 2C, FD, 9B, 2D, 00, 0F, 30, 71, 00, A9, 99, 72, BD, 84, 2D, 00, 36, 98, 2C, E5, 9B, 2D, 00, 3A, FA, 20, E2, 85, E7, 8B, 1D, 76, 00, 00, 0C, 70, D1, 14, 00, 6B, 00, E2, F9, 01, 6C, 03, 64, 3E, F4, 5C, CA, D9, 3A, 21, 00, FC, 64, C5, 3A, 21, 00, FC, 7C, C1, 3A, 21, 00, FC, 74, CD, 3A, 21, 00, FC, 5C, C9, 3A, 21, 00, FC, 54, F5, 3A, 21, 00, 13, E5, 7C, AE, 3B, 7F, 00, 0F, E5, 6B, DB, 65, 33, 00, 0F, EA, 7A, A1...

Code size:
308.5 KB (315,904 bytes)

Service
Display name:
Install Service(NosemayDL)

Service name:
NosemayDL

Description:
To ensure browser softwareinstallation is completed.This service uninstallsitself after browsersoftware installed.

Type:
Win32OwnProcess

Depends on:
RpcSs

