» desk365_update_v1.13.20.exe
Overview
Analysis
File Details
Downloads (1)

desk365_update_v1.13.20.exe

TODO:

337 Technology Limited

The application desk365_update_v1.13.20.exe, “TODO: <File description>” by 337 Technology Limited has been detected as adware by 9 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from file.soft365.com.

File name:

Publisher:

337 Technology Limited. (signed by 337 Technology Limited)

Product:

TODO: <Product name>

Description:

TODO: <File description>

Version:

1.13.20.7964

MD5:

b184bb19828ad4a17f3ff7885029224d

SHA-1:

9a410921289a1f04d167e9225bebba8e10d01aec

SHA-256:

30cfc899a45572110e5977d9683fa9781ccac359685595589830b7d5e82bba50

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

4/26/2024 6:30:36 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clod920.Trojan

1.3.0.4613

Dr.Web

Adware.Downware.1558

9.0.1.0358

ESET NOD32

Win32/ELEX (variant)

7.9190

Fortinet FortiGate

Adware/D365

12/24/2013

K7 AntiVirus

Unwanted-Program

13.174.10560

Kaspersky

not-a-virus:AdWare.Win32.D365

14.0.0.4571

Malwarebytes

PUP.Optional.Desk365.A

v2013.12.24.08

Reason Heuristics

PUP.337TechnologyLimited.V

14.8.7.20

Trend Micro House Call

TROJ_GEN.R0CBH07I713

7.2.358

File size:

3.3 MB (3,413,072 bytes)

Product version:

1.13.20.7964

Original file name:

e7zInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\desk365_update_v1.13.20.exe

Digital Signature

Signed by:

337 Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

6/25/2012 10:04:18 AM

Valid to:

6/26/2015 10:04:18 AM

Subject:

CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata

Compilation timestamp:

8/13/2013 8:02:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:U/OHPiyjFYX8flEACiaTI8ov+4afYLFW2:5iE+cq1cCiQ2

Entry address:

0x9848

Entry point:

E8, 02, 36, 00, 00, E9, 89, FE, FF, FF, A1, 7C, 70, 41, 00, 83, C8, 01, 33, C9, 39, 05, FC, 7E, 41, 00, 0F, 94, C1, 8B, C1, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, 8A, 41, 00, FF, 15, 7C, 30, 41, 00, 85, C0, 75, 18, 56, E8, 93, 16, 00, 00, 8B, F0, FF, 15, 04, 30, 41, 00, 50, E8, 43, 16, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, AC, 8A, 41, 00, 00, 75, 18, E8, 7A, 27, 00, 00, 6A, 1E, E8, C4, 25, 00, 00, 68... 
[+]

Code size:

68.5 KB (70,144 bytes)

The file desk365_update_v1.13.20.exe has been seen being distributed by the following URL.

http://file.soft365.com/Public/softs/dsk/1.13.20/.../Desk365_update_v1.13.20.exe

Remove desk365_update_v1.13.20.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.