» lly_vi-view.exe
Overview
Analysis
File Details
Downloads (1)

lly_vi-view.exe

858_tugs_vi-view

Ma Lin

The application lly_vi-view.exe by Ma Lin has been detected as adware by 25 anti-malware scanners. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.girlzhangtianjiao.com.

File name:

lly_vi-view.exe

Publisher:

File Syn (signed by Ma Lin)

Product:

858_tugs_vi-view

Description:

FileWork

Version:

6.1.7601.646

MD5:

7046d34deda99b4f9447b4bf8e5c7b1f

SHA-1:

54ede0e3bcdbb97c8beed2966ce3e6cc1d56de50

SHA-256:

9cb29ad20c3ba84737a70751fc61f2a15a59d72f34785e5adbb491937dd61e34

Scanner detections:

25 / 68

Status:

Adware

Analysis date:

5/7/2024 12:44:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Agent.BEIS

870

AhnLab V3 Security

PUP/Win32.Amonetiz

2014.07.28

Avira AntiVirus

TR/Wysotot.G.11

7.11.164.228

avast!

Malware-gen

2014.9-140917

AVG

Malin

2015.0.3389

Baidu Antivirus

Trojan.Win32.WPM

4.0.3.1487

Bitdefender

Trojan.Agent.BEIS

1.0.20.1300

Emsisoft Anti-Malware

Trojan.Agent.BEIS

8.14.09.17.03

ESET NOD32

Win32/ELEX.AT (variant)

8.10189

F-Secure

Trojan.Agent.BEIS

11.2014-17-09_4

G Data

Trojan.Agent.BEIS

14.9.24

herdProtect (fuzzy)

variant of lly_istart123.exe (Adware)

2014.10.2.7

Kaspersky

Trojan.Win32.Agent

14.0.0.3237

Malwarebytes

PUP.Optional.SearchHijacker.A

v2014.08.07.03

McAfee

Artemis!57655046CFE7

5600.7045

Microsoft Security Essentials

Trojan:Win32/Wysotot.G

1.10802

MicroWorld eScan

Trojan.Agent.BEIS

15.0.0.780

nProtect

Trojan.Agent.BEIS

14.08.01.01

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Reason Heuristics

PUP.MaLin.L

14.8.7.15

Rising Antivirus

PE:Worm.Rebhip!1.64F0

23.00.65.14805

Sophos

Mal/Generic-S

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Wysotot

10354

Trend Micro House Call

TROJ_GEN.R08NH09GV14

7.2.219

VIPRE Antivirus

Trojan.Win32.Generic

31780

File size:

759.9 KB (778,112 bytes)

Product version:

6.1.7601.646

SynWork

Original file name:

SynWork.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\lly_vi-view.exe

Digital Signature

Signed by:

Ma Lin

Authority:

WoSign CA Limited

Valid from:

6/26/2014 4:24:23 AM

Valid to:

6/26/2015 4:24:23 AM

Subject:

CN=Ma Lin, E=chloezhangling@163.com, L=北京市, S=北京市, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

0FC83FBFE11653F06215DCA7EACE7E7D

File PE Metadata

Compilation timestamp:

7/24/2014 9:34:54 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:LA3qkg+aJddRCGJJXogDV4O7dkUYvtbYBdrgaquis69hI/x9hKxyWtQN6o5SsKTM:LAxg+WvDFTrgaW9hINN6o5qTVtGW/vTs

Entry address:

0x46E7F

Entry point:

E8, AE, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 6C, BE, 4A, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 18, 91, 4A, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 6C, BE, 4A, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00... 
[+]

Entropy:

6.3822

Code size:

544.5 KB (557,568 bytes)

The file lly_vi-view.exe has been seen being distributed by the following URL.

http://www.girlzhangtianjiao.com/hpnt/.../lly_vi-view.exe

Remove lly_vi-view.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.