斗罗大陆_秒下微端-cujuxa.exe

ZSG

趣游时代(北京)科技有限公司

The application 斗罗大陆_秒下微端-cujuxa.exe, “ZSG Setup” by 趣游时代(北京)科技有限公司, has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners (Reason Heuristics, PUP.InstallCore.CSH (L)). The detection is heuristic and targets the bundling engine rather than a confirmed malicious payload, so the file should be treated as potentially unwanted rather than as confirmed malware. The program is an Inno Setup installer whose setup routine uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file is Authenticode-signed by 趣游时代(北京)科技有限公司 under a WoSign code-signing certificate that was valid only from 4/7/2016 to 7/7/2017; the report lists no timestamp countersignature, and without one the signature no longer validates after the certificate's expiry. The file has been seen being downloaded from behavior.dldl.g.yx-g.cn.
Publisher:
风凌网络 (signed by 趣游时代(北京)科技有限公司)

Product:
ZSG

Description:
ZSG Setup

Version:
1.0.10.18

MD5:
3669fc0cc3bdfd76962dbb8e7def6e36

SHA-1:
a4d1c09a6e28663b30df57cb0ba01f14121de6ae

SHA-256:
f4506545a7d9dc1cc86dfe3ec13cb1d29535acec0e76f09e22eb3e9aed6f6bf0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/16/2024 9:28:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.1.7

File size:
2.9 MB (3,056,560 bytes)

Product version:
1.0.10.18

Copyright:
风凌网络, all rights reserved

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\斗罗大陆_秒下微端-cujuxa.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
4/7/2016 1:37:34 AM

Valid to:
7/7/2017 1:37:34 AM

Subject:
CN=趣游时代(北京)科技有限公司, O=趣游时代(北京)科技有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2674612888778CD8E2B4B798C1D844D1

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM (6/19/1992 22:22:17 UTC, the fixed placeholder value 0x2A425E19 that Borland/Delphi linkers write into TimeDateStamp; Inno Setup stubs are built with Delphi, so this field says nothing about when the file was actually built)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:A75XlfpMiL1pRSOv+xB6+Zoj0zfTbaecilnFJTC96sL5URhYf2mi43ibjmZeD6Ib:A5XlfpMiL1p8NB6+CQzaVinbG7f2miWg

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...

Entropy:
7.9608 (close to the 8.0 maximum, as expected for an installer stub whose payload is stored compressed; high entropy alone does not indicate malicious packing)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)
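The static fields above (file hashes, entropy, the PE header values, the installer marker) can be reproduced offline from the raw bytes. The following is an added example, not tooling from the report's vendor or from the installer's publisher: it parses a PE32 header with struct, computes MD5/SHA-1/SHA-256 and Shannon entropy, and flags the Delphi placeholder timestamp and an "Inno Setup" marker string. The sample it runs on is a constructed stand-in that carries this report's header values (timestamp 0x2A425E19, linker 2.25, OS version 1.0, entry 0xAA98, GUI subsystem, code size 41,472) with pseudo-random bytes standing in for the compressed payload; it is not the real 斗罗大陆_秒下微端-cujuxa.exe, and the plain string check for "Inno Setup" is a simplification of what real installer identifiers do.

```python
"""Offline static triage of a Win32 installer (added example, not vendor tooling)."""
import hashlib
import math
import random
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp written by Borland/Delphi linkers: 1992-06-19 22:22:17 UTC.
DELPHI_PLACEHOLDER_TS = 0x2A425E19
# Simplified installer marker (assumption: real identifiers match stub signatures).
INNO_MARKER = b"Inno Setup"


def file_hashes(data: bytes) -> dict:
    """The three digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant data) to 8.0 (uniform); compressed payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional header fields shown in the report (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, _nsect, ts, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic, maj_lnk, min_lnk, size_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]    # 2 = Windows GUI
    return {
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{maj_lnk}.{min_lnk}",
        "os_version": f"{os_major}.{os_minor}",
        "entry": entry,
        "subsystem": subsystem,
        "code_size": size_code,
    }


def triage(data: bytes) -> list:
    """Human-readable findings a reviewer would otherwise check by hand."""
    findings = []
    hdr = parse_pe(data)
    if hdr["timestamp"] == DELPHI_PLACEHOLDER_TS:
        findings.append("compile timestamp is the Delphi placeholder, not a real build date")
    if INNO_MARKER in data:
        findings.append("Inno Setup marker present: installer stub, payload stored compressed")
    ent = shannon_entropy(data)
    if ent > 7.5:
        findings.append(f"high entropy ({ent:.2f} bits/byte): expect packed or compressed content")
    return findings


def build_sample() -> bytes:
    """Constructed stand-in for the report's file; NOT the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, DELPHI_PLACEHOLDER_TS, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 41472)   # PE32, linker 2.25, code size from report
    struct.pack_into("<I", opt, 16, 0xAA98)                  # entry address from report
    struct.pack_into("<HH", opt, 40, 1, 0)                   # OS version 1.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    payload = random.Random(1).randbytes(65536)              # stands in for the compressed payload
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + INNO_MARKER + payload


if __name__ == "__main__":
    sample = build_sample()
    print(file_hashes(sample))
    print(parse_pe(sample))
    for line in triage(sample):
        print("-", line)
```

On a real download, run `triage(open(path, "rb").read())` and compare `file_hashes` against the MD5/SHA-1/SHA-256 above before trusting any other field; a hash mismatch means a different file, whatever the name.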

The file 斗罗大陆_秒下微端-cujuxa.exe has been seen being distributed by the following URL.

http://behavior.dldl.g.yx-g.cn/autoclient/.../al.ashx?uid=z756155042&pid=4017&sid=s5&s=?platform=8090&uid=z756155042&gkey=dldl&skey=5&time=1480534020&is_adult=1&exts=W10=&back_url=www.8090.com&type=web&sign=dbb9af7065ce960b96dbae408a732584&pid=4017

Remove 斗罗大陆_秒下微端-cujuxa.exe - Powered by Reason Core Security