desk-365_1.5.31.exe

TODO:

337 Technology Limited

The application desk-365_1.5.31.exe, “TODO: <File description>”, by 337 Technology Limited has been detected as adware by 8 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from download.findmysoft.com.

Publisher:
Beijing 337 Technology Co., Ltd.  (signed by 337 Technology Limited)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.5.31.5214

MD5:
101f1e440c561ae5311138ce5a43ad25

SHA-1:
b1c77de0a7afc05e80ddb8b5d10b4e59b54a44dd

SHA-256:
b46f5a5373bfc2c3c297a80ea78f730851bbf6e8acd298d65d706130822dedf2

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/19/2024 8:18:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.W32.AddUser | 2.1.4+ |
| Bkav FE | W32.Clod183.Trojan | 1.3.0.4923 |
| Dr.Web | Adware.Downware.807 | 9.0.1.054 |
| ESET NOD32 | Win32/ELEX (variant) | 8.9385 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32 | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.175.11074 |
| Reason Heuristics | PUP.337TechnologyLimited.N | 14.8.7.20 |
| Sophos | Generic PUA LB | 4.97 |

File size:
4.1 MB (4,274,768 bytes)

Product version:
1.5.31.5214

Copyright:
Copyright (C) 2012

Original file name:
icabinet.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\program\desk-365_1.5.31.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 4:04:18 PM

Valid to:
6/26/2015 4:04:18 PM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
1/23/2013 2:04:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:ZXMOLr2nwwsC5y7tW1EcC6oi2MXYoAZiY8WxYVzZuCw6nVxcc9tr2l+w:KkCnwwsFW1Uyx9jxQMw

Entry address:
0x6979

Entry point:
E8, F1, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, E4, 9E, 41, 00, FF, 15, A8, 40, 41, 00, 85, C0, 75, 18, 56, E8, 01, E7, FF, FF, 8B, F0, FF, 15, 70, 40, 41, 00, 50, E8, B1, E6, FF, FF, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, 94, 41, 00, 89, 0D, 24, 94, 41, 00, 89, 15, 20, 94, 41, 00, 89, 1D, 1C, 94, 41, 00, 89, 35, 18, 94, 41, 00, 89, 3D, 14, 94, 41, 00, 66, 8C, 15, 40, 94, 41, 00, 66, 8C, 0D, 34, 94, 41, 00...
 
Entropy:
7.9684  (probably packed)

Code size:
76 KB (77,824 bytes)

The file desk-365_1.5.31.exe has been seen being distributed by the following URL.
