itunes组件卸载工具-itunes组件卸载工具+v1.0+绿色免费版@34_39806.exe

Downloader

Ruifeng Network Technology Co., Ltd.

The application itunes组件卸载工具-itunes组件卸载工具+v1.0+绿色免费版@34_39806.exe, published by Ruifeng Network Technology Co., Ltd., has been flagged as adware by 21 of 68 anti-malware scanners. The file has been observed being downloaded from www.downxia.com.
Publisher:
Ruifeng Network Technology Co., Ltd.  (signed and verified)

Product:
Downloader

Version:
6.0.3.9

MD5:
89ab6ece82994b6b925de441a0426ea3

SHA-1:
3f53138a3dfa486ccbe4814985ccf6caab20bad5

SHA-256:
1a83162278c9d13665eded7ec3b01c22e4cbadd46d258be2a7e7bad0b341ac21

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
5/5/2024 1:09:45 AM UTC

Scan engine              Detection                          Engine version
Lavasoft Ad-Aware        Adware.Agent.PLH                   662
Agnitum Outpost          PUA.Qjwmonkey                      7.1.1
avast!                   Win32:Adware-gen [Adw]             2014.9-150413
AVG                      Generic6                           2016.0.3140
Bitdefender              Adware.Agent.PLH                   1.0.20.515
Comodo Security          Application.Win32.Qjwmonkey.ADH    21560
Dr.Web                   Adware.Qjwmonkey.4                 9.0.1.0103
Emsisoft Anti-Malware    Adware.Agent.PLH                   8.15.04.13.01
ESET NOD32               Win32/Adware.Qjwmonkey (variant)   9.11389
Fortinet FortiGate       Riskware/Qjwmonkey                 4/13/2015
F-Secure                 Adware.Agent.PLH                   11.2015-13-04_2
G Data                   Adware.Agent.PLH                   15.4.25
IKARUS anti.virus        PUA.Qjwmonkey                      t3scan.1.8.9.0
K7 AntiVirus             Adware                             13.202.15407
Malwarebytes             PUP.Optional.Chad                  v2015.04.13.01
McAfee                   Artemis!89AB6ECE8299               5600.6796
MicroWorld eScan         Adware.Agent.PLH                   16.0.0.309
Reason Heuristics        PUP.RuifengNetworkTechnologyCo     15.4.24.0
Sophos                   Ruifeng                            4.98
Trend Micro House Call   Suspicious_GEN.F47V0327            7.2.103
VIPRE Antivirus          Adware Trojan.Win32.Generic        38838

File size:
671.8 KB (687,872 bytes)

Product version:
6.0.3.9

Original file name:
Downloader

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\itunes组件卸载工具-itunes组件卸载工具+v1.0+绿色免费版@34_39806.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
1/14/2015 5:05:07 PM

Valid to:
1/14/2016 5:05:07 PM

Subject:
CN="Ruifeng Network Technology Co., Ltd.", O="Ruifeng Network Technology Co., Ltd.", L=Jintan, S=Jiangsu, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2ADA1149D66C3DD3E7D5FA9F4F8A0649

File PE Metadata
Compilation timestamp:
3/24/2015 10:32:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:DDi8GTOTzO6ZoLRlMVyRgjAzJGXCx3eK4Ty1fOlq:DDibYZQlniAFGyxfKy1mA

Entry address:
0x155DB

Entry point:
E8, 59, 87, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, B0, 8C, 48, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 1C, 7A, 43, 00, 01, 0F, 82, 38, 89, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1...

Entropy:
7.0609

Code size:
165 KB (168,960 bytes)

The file itunes组件卸载工具-itunes组件卸载工具+v1.0+绿色免费版@34_39806.exe has been observed being distributed from the following URL.