» desk365_update_v1.14.20.exe
Overview
Analysis
File Details
Downloads (1)

desk365_update_v1.14.20.exe

TODO:

337 Technology Limited

The application desk365_update_v1.14.20.exe, “TODO: <File description>” by 337 Technology Limited has been detected as adware by 10 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from file.soft365.com.

File name:

Publisher:

337 Technology Limited. (signed by 337 Technology Limited)

Product:

TODO: <Product name>

Description:

TODO: <File description>

Version:

1.14.20.8091

MD5:

6ee06bc52ab6a493ca8fbb1233362604

SHA-1:

b253b7f4119289846e5e91f72e0c616e5c4a0f32

SHA-256:

812151cca2ecdd1440230289b76be438b413df0ce0dd384d792631b5520498ff

Scanner detections:

10 / 68

Status:

Adware

Analysis date:

4/26/2024 3:48:02 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clodc11.Trojan

1.3.0.4613

Comodo Security

ApplicUnwnt

17439

Dr.Web

Adware.Mutabaha.29

9.0.1.0358

ESET NOD32

Win32/ELEX (variant)

7.9173

Fortinet FortiGate

Adware/D365

12/24/2013

IKARUS anti.virus

not-a-virus:AdWare.Win32

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.174.10509

Kaspersky

not-a-virus:AdWare.Win32.D365

14.0.0.4575

Reason Heuristics

PUP.337TechnologyLimited.V

14.8.7.20

Trend Micro House Call

TROJ_GEN.R0CBH07I913

7.2.358

File size:

3.3 MB (3,443,280 bytes)

Product version:

1.14.20.8091

Original file name:

e7zInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\desk365_update_v1.14.20.exe

Digital Signature

Signed by:

337 Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

6/25/2012 11:04:18 AM

Valid to:

6/26/2015 11:04:18 AM

Subject:

CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata

Compilation timestamp:

9/2/2013 2:10:51 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:D/Oo6O5jRY3veiUggOdPrXO5qjw9jwegVKVqQA676I:IOl6mf0O5zj9gQYJI

Entry address:

0x9848

Entry point:

E8, 02, 36, 00, 00, E9, 89, FE, FF, FF, A1, 7C, 70, 41, 00, 83, C8, 01, 33, C9, 39, 05, FC, 7E, 41, 00, 0F, 94, C1, 8B, C1, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, 8A, 41, 00, FF, 15, 7C, 30, 41, 00, 85, C0, 75, 18, 56, E8, 93, 16, 00, 00, 8B, F0, FF, 15, 04, 30, 41, 00, 50, E8, 43, 16, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, AC, 8A, 41, 00, 00, 75, 18, E8, 7A, 27, 00, 00, 6A, 1E, E8, C4, 25, 00, 00, 68... 
[+]

Code size:

68.5 KB (70,144 bytes)

The file desk365_update_v1.14.20.exe has been seen being distributed by the following URL.

http://file.soft365.com/Public/softs/dsk/1.14.20/.../Desk365_update_v1.14.20.exe

Remove desk365_update_v1.14.20.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.