lly1_istartsurf.exe

3486_tug1_istartsurf

Shulan Hou

The application lly1_istartsurf.exe by Shulan Hou has been detected as adware by 16 anti-malware scanners.
Publisher:
BaiSix  (signed by Shulan Hou)

Product:
3486_tug1_istartsurf

Description:
BaiSix

Version:
6.3.7602.2124

MD5:
46cd802bc8fae7dc432e75d576e784da

SHA-1:
dbee669e1acffee8e508272ae203c1abf1e528e6

SHA-256:
41d52954c2609b5685ce30f630561c15e9e0ff144a6b17cf9afb71bdbae78e67

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
8/2/2025 11:41:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AVG | Generic | 2016.0.3134 |
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.15419 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Mutabaha.325 | 9.0.1.0202 |
| ESET NOD32 | Win32/LiMo.C potentially unwanted application | 9.7.0.302.0 |
| G Data | Win32.Application.Limo | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.21.10 |
| IKARUS anti.virus | PUA.LiMo | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.203.15712 |
| Malwarebytes | PUP.Optional.IStartsurf.A | v2015.04.19.11 |
| NANO AntiVirus | Riskware.Win32.Mutabaha.dqesbj | 0.30.20.1219 |
| Quick Heal | PUA.MSJDGBTIR.OD6 | 7.15.14.00 |
| Reason Heuristics | Threat.Ma Lin.ShulanHou | 15.4.19.19 |
| Sophos | Elex | 4.98 |
| Zillya! Antivirus | Downloader.Adload.Win32.19234 | 2.0.0.2144 |

File size:
705.6 KB (722,528 bytes)

Product version:
6.3.7602.2124

Copyright:
BaiSix.com

Original file name:
BaiSix.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temporary internet files\content.ie5\{random}\lly1_istartsurf.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/23/2014 9:00:00 PM

Valid to:
1/6/2016 9:00:00 AM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0556596736BF2D2DEB3BC21E5D02E7CE

File PE Metadata
Compilation timestamp:
4/2/2015 7:22:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:a7b5VIL4YwyVFJL9qVTvkqcDzcvEghPcTOCa5NqO/cNC5gUCZuTdp4KO:av7epqt8qcDovfRcnO/cfZuT34KO

Entry address:
0x3DFE3

Entry point:
E8, 20, CA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 30, DB, 49, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 01, 4C, 00, 00, 59, FF, 34, F5, 30, DB, 49, 00, FF, 15, B0, F1, 47, 00, 5E, 5D, C3, 56, 57, BE, 30, DB, 49, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, B8, F1, 47, 00, 53, E8, CF, A8, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, 50, DC, 49, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 
Code size:
501 KB (513,024 bytes)
