foxit_elex_v9.exe

Installer Application

Beijing ELEX Technology Co.,Ltd

The application foxit_elex_v9.exe by Beijing ELEX Technology Co.,Ltd has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 4e.f7.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Eadwin  (signed by Beijing ELEX Technology Co.,Ltd)

Product:
Installer Application

Description:
Installer

Version:
1.9.0.1

MD5:
e3d544c35826624bfa0a593608c648cc

SHA-1:
0a6edda66b8bbe03ea72b281da69e49f915d553f

SHA-256:
1bab1a160aef79b507f488f5e356c6dd38289c191c2e7d55ca216cb049cdfee9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:14:48 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Application.Win32.Agent.~BHO | 17642
Reason Heuristics | PUP.Installer.BeijingELEXTechnologyCoLtd.N | 14.7.10.2

File size:
1.9 MB (2,036,160 bytes)

Product version:
1.9.0.1

Copyright:
Copyright (C) 2012

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\foxit_elex_v9.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/25/2012 2:00:00 AM

Valid to:
7/25/2013 1:59:59 AM

Subject:
CN="Beijing ELEX Technology Co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing ELEX Technology Co.,Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
27BF924EA3BB364A9C0278C0BA682879

File PE Metadata
Compilation timestamp:
7/23/2012 9:00:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:hL3XdCR5DvE+bdJq8lqjZ0Rrt2uXH8w0jPaVVKl:t3tCR7JE0RVXHoAY

Entry address:
0x488BF

Entry point:
E8, 3B, A4, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 14, 7A, 46, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 8E, 78, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 8A, 44, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03...
 

Code size:
393 KB (402,432 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 4e.f7.24ae.ip4.static.sl-reverse.com  (174.36.247.78:80)
